Sławek Ehlert / django-selectable


Mark Lavin  committed b5a5f9d

Conditionally escape results of get_item_id, get_item_value and get_item_label. Fixes #63.

  • Parent commits cf6a29f
  • Branches stable


Files changed (1)

File selectable/base.py

 from django.db.models import Q
 from django.utils import simplejson as json
 from django.utils.encoding import smart_unicode
+from django.utils.html import conditional_escape
 from django.utils.translation import ugettext as _
 from selectable.forms import BaseLookupForm
     def format_item(self, item):
          return {
-            'id': self.get_item_id(item),
-            'value': self.get_item_value(item),
-            'label': self.get_item_label(item)
+            'id': conditional_escape(self.get_item_id(item)),
+            'value': conditional_escape(self.get_item_value(item)),
+            'label': conditional_escape(self.get_item_label(item))
     def paginate_results(self, request, results, limit):
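Review bot: In format_item, 'id' and 'value' are now HTML-escaped the same way as 'label', but only a field that the client inserts as markup needs that. If the id is sent back to the server for a lookup, or the value is written into a text input, it would carry entities such as &amp;amp; in place of the original characters. Consider escaping only the fields that are rendered as HTML, and say in a format_item docstring which keys are HTML-safe. Note also that conditional_escape leaves anything already marked safe untouched, so a lookup whose get_item_label returns mark_safe output has to escape its own interpolated data; that deserves a line in the docs. The commit changes only selectable/base.py, so a regression test for #63 asserting that a label containing markup comes back escaped is still missing.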