From 320f7bfb1a8112759091d3518987ed5d0579f6a3 Mon Sep 17 00:00:00 2001
From: Samuel Georges <sam@daftspunk.com>
Date: Sat, 21 Feb 2015 19:16:44 +1100
Subject: [PATCH] List text values should be escaped, since they come directly
 from the model values Fxies https://github.com/rainlab/user-plugin/pull/37

---
 modules/backend/widgets/Lists.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/backend/widgets/Lists.php b/modules/backend/widgets/Lists.php
index 1ea0bf1d5..308629924 100644
--- a/modules/backend/widgets/Lists.php
+++ b/modules/backend/widgets/Lists.php
@@ -774,7 +774,15 @@ class Lists extends WidgetBase
     //
 
     /**
-     * Process as boolean switch
+     * Process as text, escape the value
+     */
+    protected function evalTextTypeValue($record, $column, $value)
+    {
+        return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
+    }
+
+    /**
+     * Process as partial reference
      */
     protected function evalPartialTypeValue($record, $column, $value)
     {