From 802ec2d91336ba0b5ca5dfde7c9464ba531ffe60 Mon Sep 17 00:00:00 2001
From: nate <nate@cakephp.org>
Date: Sat, 28 Oct 2006 16:02:58 +0000
Subject: [PATCH] HTML-escaping select option titles (Ticket #1577)

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@3761 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/view/helpers/form.php | 2 +-
 cake/libs/view/helpers/html.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cake/libs/view/helpers/form.php b/cake/libs/view/helpers/form.php
index f29103eb5..9669fd2d9 100644
--- a/cake/libs/view/helpers/form.php
+++ b/cake/libs/view/helpers/form.php
@@ -373,7 +373,7 @@ class FormHelper extends AppHelper {
 				}
 				
 				if($showParents || (!in_array($title, $parents))) {
-					$select[] = sprintf($this->tags['selectoption'], $name, $this->Html->parseHtmlOptions($htmlOptions), $title);
+					$select[] = sprintf($this->tags['selectoption'], $name, $this->Html->parseHtmlOptions($htmlOptions), h($title));
 				}
 			}
 		}
diff --git a/cake/libs/view/helpers/html.php b/cake/libs/view/helpers/html.php
index 3b18afefa..b254a334a 100644
--- a/cake/libs/view/helpers/html.php
+++ b/cake/libs/view/helpers/html.php
@@ -588,7 +588,7 @@ class HtmlHelper extends AppHelper {
 				$optionsHere['selected'] = 'selected';
 			}
 
-			$select[] = sprintf($this->tags['selectoption'], $name, $this->parseHtmlOptions($optionsHere), $title);
+			$select[] = sprintf($this->tags['selectoption'], $name, $this->parseHtmlOptions($optionsHere), h($title));
 		}
 
 		$select[] = sprintf($this->tags['selectend']);