From fdf05ec8e8f1e1466715309597c6df0acdca8d6e Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 27 May 2020 18:58:48 +0100 Subject: [PATCH] Force encoding of entities in option name/value/title --- lib/Webperl/Template.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/Webperl/Template.pm b/lib/Webperl/Template.pm index 17156cf..afe12ee 100644 --- a/lib/Webperl/Template.pm +++ b/lib/Webperl/Template.pm @@ -743,10 +743,10 @@ sub build_optionlist { foreach my $option (@{$options}) { my $sel = $selected{$option -> {"value"}} ? ' selected="selected"' : ''; - $optstr .= $self -> process_template($opttem, {"***name***" => $option -> {"name"}, - "***value***" => $option -> {"value"}, + $optstr .= $self -> process_template($opttem, {"***name***" => encode_entities($option -> {"name"}), + "***value***" => encode_entities($option -> {"value"}), "***sel***" => $sel, - "***title***" => defined($option -> {"title"}) ? ' title="'.$option -> {"title"}.'"' : ''}); + "***title***" => defined($option -> {"title"}) ? ' title="'.encode_entities($option -> {"title"}).'"' : ''}); } # Handle select options, if any.