From 221090bb40a53622d990b63432160729e6d02aa5 Mon Sep 17 00:00:00 2001
From: Evan Winslow
Date: Fri, 16 Jul 2010 20:28:02 +0000
Subject: Escapes input attribute values with htmlspecialchars and removes default empty value from default inputs

---
 views/default/input/default.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'views')
diff --git a/views/default/input/default.php b/views/default/input/default.php
index 050e3b765..0577b34e5 100644
--- a/views/default/input/default.php
+++ b/views/default/input/default.php
@@ -45,7 +45,6 @@ if (isset($vars['js'])) {
 // default attributes
 $defaults = array(
 'type' => 'text',
- 'value' => '',
 );
 
 $attributes = array_merge($defaults, $vars);
@@ -58,6 +57,7 @@ foreach ($attributes as $attr => $val) {
 if ($val === TRUE) {
 $element[] = $attr;
 } elseif ($val !== FALSE) {
+ $val = htmlspecialchars($val);
 $element[] = "$attr=\"$val\"";
 }
 }
-- 
cgit v1.2.3
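Review bot: The attribute name `$attr` is still written unescaped into `"$attr=\"$val\""` in the `elseif` branch of the second hunk (and into `$element[] = $attr` just above it), so the added `htmlspecialchars($val)` protects only the value side; because `$attributes` comes from `array_merge($defaults, $vars)`, every key in `$vars` ends up as markup. If those keys can be influenced by request data, which this hunk does not show, a guard at the top of the loop body such as `if (!preg_match('/^[a-zA-Z_:][a-zA-Z0-9_:.-]*$/', $attr)) { continue; }` would close that gap. The call also relies on the default flags and charset, which have changed across PHP versions; assuming the pages are served as UTF-8, `$val = htmlspecialchars($val, ENT_QUOTES, 'UTF-8');` makes both explicit. `$val !== FALSE` still lets arrays and null through to `htmlspecialchars()`, so a scalar check before the call is worth considering; the `foreach` body begins outside the hunk.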