escape json value in relation template (#598)

jowilf · web-flow · commit 64ce44bfe7ba · 2024-10-25T16:57:01.000-05:00
diff --git a/starlette_admin/__init__.py b/starlette_admin/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "0.15.0rc0"
+__version__ = "0.15.0rc1"
 
 from ._types import ExportType as ExportType
 from ._types import RequestAction as RequestAction
diff --git a/starlette_admin/templates/forms/relation.html b/starlette_admin/templates/forms/relation.html
@@ -8,7 +8,7 @@
             class="form-control {{ 'field-has-one' if not field.many else 'field-has-many' }} {% if error %}is-invalid{% endif %}"
             data-url="{{ url_for(__name__ ~ ':api', identity=foreign_model.identity) }}"
             data-pk="{{ fpk }}"
-            {% if data %}data-initial="{{ (data if field.multiple else [data]) |tojson }}" {% endif %}
+            {% if data %}data-initial="{{ (data if field.multiple else [data]) |tojson |forceescape }}" {% endif %}
             {% if field.multiple %}multiple{% endif %}>
     </select>
     {% if field.help_text %}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-__version__ = "0.15.0rc0"`
	`1`	`+__version__ = "0.15.0rc1"`
`2`	`2`
`3`	`3`	`from ._types import ExportType as ExportType`
`4`	`4`	`from ._types import RequestAction as RequestAction`