auch ids müssen in der Multibox escaped werden.

author Sven Schöling <s.schoeling@linet-services.de>

Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)

committer Sven Schöling <s.schoeling@linet-services.de>

Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)
author Sven Schöling <s.schoeling@linet-services.de>
Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)
committer Sven Schöling <s.schoeling@linet-services.de>
Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)
diff --git a/templates/webpages/generic/multibox.html b/templates/webpages/generic/multibox.html

index 7225b03..ccb87cb 100644 (file)
--- a/templates/webpages/generic/multibox.html
+++ b/templates/webpages/generic/multibox.html
@@ -62,7 +62,7 @@
    <option value=""></option>
    [%- END %]
    [%- FOREACH row = DATA %]
-  <option value="[% row.id %]"[% IF row.selected %] selected[% END %]>[% HTML.escape(row.label) %]</option>
+  <option value="[% row.id | html %]"[% IF row.selected %] selected[% END %]>[% HTML.escape(row.label) %]</option>
    [%- END %]
  </select>
  [%- END %]
author	Sven Schöling <s.schoeling@linet-services.de>
	Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)
committer	Sven Schöling <s.schoeling@linet-services.de>
	Wed, 3 Mar 2010 13:53:45 +0000 (14:53 +0100)