Fix xss (#173)

Fix #173 Rewrite multi select widget as a template in order to have all values properly escaped.
author: Alexandre Avenel <avenel.alexandre@gmail.com> 2017-02-16 23:11:30 +0100
committer: Alexandre Avenel <avenel.alexandre@gmail.com> 2017-02-16 23:11:30 +0100
commit: baba943e623ba5d1f12f579e87d04c6cb65fb061 (patch)
tree: 2552c94d2bbee2ae3bb8327e548bc68feb4f1660 /budget/forms.py
parent: 3dd7c67ecf5e2c5d21ec387bbd82e0fa3b90ad5b (diff)
download: ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.zip
ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.tar.gz
ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/budget/forms.py b/budget/forms.py
index adf3de7..ac181ec 100644
--- a/budget/forms.py
+++ b/budget/forms.py
@@ -118,7 +118,7 @@ class BillForm(Form):
     payer = SelectField(_("Payer"), validators=[Required()], coerce=int)
     amount = CommaDecimalField(_("Amount paid"), validators=[Required()])
     payed_for = SelectMultipleField(_("For whom?"),
-            validators=[Required()], widget=select_multi_checkbox, coerce=int)
+            validators=[Required()], coerce=int)
     submit = SubmitField(_("Submit"))
     submit2 = SubmitField(_("Submit and add a new one"))
author	Alexandre Avenel <avenel.alexandre@gmail.com>	2017-02-16 23:11:30 +0100
committer	Alexandre Avenel <avenel.alexandre@gmail.com>	2017-02-16 23:11:30 +0100
commit	baba943e623ba5d1f12f579e87d04c6cb65fb061 (patch)
tree	2552c94d2bbee2ae3bb8327e548bc68feb4f1660 /budget/forms.py
parent	3dd7c67ecf5e2c5d21ec387bbd82e0fa3b90ad5b (diff)
download	ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.zip ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.tar.gz ihatemoney-mirror-baba943e623ba5d1f12f579e87d04c6cb65fb061.tar.bz2