diff --git a/templates/forms/CheckboxSetField.ss b/templates/forms/CheckboxSetField.ss
index 49c298da0..847c153f2 100644
--- a/templates/forms/CheckboxSetField.ss
+++ b/templates/forms/CheckboxSetField.ss
@@ -2,8 +2,8 @@
<% if $Options.Count %>
<% loop $Options %>
- checked="checked"<% end_if %><% if $isDisabled %> disabled="disabled"<% end_if %> />
-
+ checked="checked"<% end_if %><% if $isDisabled %> disabled="disabled"<% end_if %> />
+
<% end_loop %>
<% else %>
diff --git a/templates/forms/DropdownField.ss b/templates/forms/DropdownField.ss
index 5d5c24d04..13458e7fa 100644
--- a/templates/forms/DropdownField.ss
+++ b/templates/forms/DropdownField.ss
@@ -1,5 +1,5 @@
diff --git a/templates/forms/OptionsetField.ss b/templates/forms/OptionsetField.ss
index bb8818a6f..f8124042c 100644
--- a/templates/forms/OptionsetField.ss
+++ b/templates/forms/OptionsetField.ss
@@ -1,8 +1,8 @@
diff --git a/tests/forms/CheckboxSetFieldTest.php b/tests/forms/CheckboxSetFieldTest.php
index ac4bc22d6..e99b64c49 100644
--- a/tests/forms/CheckboxSetFieldTest.php
+++ b/tests/forms/CheckboxSetFieldTest.php
@@ -144,6 +144,17 @@ class CheckboxSetFieldTest extends SapphireTest {
$this->assertEquals('Test,Another', $dbValue);
}
+ public function testEscapedOptions() {
+ $field = new CheckboxSetField('Content', 'Content', array(
+ 'Test' => 'Test',
+ 'Another' => 'Another',
+ ));
+
+ $html = $field->Field();
+ $this->assertContains('Content[Another<weirdvalue>]', $html, 'Option name is escaped');
+ $this->assertContains('value="Another<weirdvalue>', $html, 'Option value is escaped');
+ }
+
}
/**
diff --git a/tests/forms/DropdownFieldTest.php b/tests/forms/DropdownFieldTest.php
index 1167cc5f4..8d9020565 100644
--- a/tests/forms/DropdownFieldTest.php
+++ b/tests/forms/DropdownFieldTest.php
@@ -208,7 +208,17 @@ class DropdownFieldTest extends SapphireTest {
$disabledOptions = $this->findDisabledOptionElements($field->Field());
$this->assertEquals(count($disabledOptions), 0, 'There are no disabled options');
}
-
+
+ public function testEscapedOptions() {
+ $field = new DropdownField('Content', 'Content', array(
+ 'Test' => 'Test',
+ 'Another' => 'Another',
+ ));
+
+ $html = $field->Field();
+ $this->assertContains('value="Another<weirdvalue>', $html, 'Option value is escaped');
+ }
+
/**
* Create a test dropdown field, with the option to
* set what source and blank value it should contain
@@ -293,4 +303,4 @@ class DropdownFieldTest extends SapphireTest {
return $foundDisabled;
}
-}
\ No newline at end of file
+}
diff --git a/tests/forms/OptionsetFieldTest.php b/tests/forms/OptionsetFieldTest.php
index 81d66fe77..d03b262a4 100644
--- a/tests/forms/OptionsetFieldTest.php
+++ b/tests/forms/OptionsetFieldTest.php
@@ -34,4 +34,15 @@ class OptionsetFieldTest extends SapphireTest {
preg_match('/Yes/', $field->Field(), $matches);
$this->assertEquals($matches[0], 'Yes');
}
+
+ public function testEscapedOptions() {
+ $field = new OptionsetField('Content', 'Content', array(
+ 'Test' => 'Test',
+ 'Another' => 'Another',
+ ));
+
+ $html = $field->Field();
+ $this->assertContains('value="Another<weirdvalue>', $html, 'Option value is escaped');
+ }
+
}