--- loncom/homework/edit.pm	2005/04/07 06:56:21	1.92
+++ loncom/homework/edit.pm	2005/06/07 01:33:19	1.93
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA 
 # edit mode helpers
 #
-# $Id: edit.pm,v 1.92 2005/04/07 06:56:21 albertel Exp $
+# $Id: edit.pm,v 1.93 2005/06/07 01:33:19 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -654,12 +654,12 @@ sub select_arg {
     foreach my $option (@$list) {
 	my ($text,$value);
 	if ( ref($option) eq 'ARRAY') {
-	    $value='value="'.$$option[0].'"';
+	    $value='value="'.&HTML::Entities::encode($$option[0]).'"';
 	    $text=$$option[1];
 	    $option=$$option[0];
 	} else {
 	    $text=$option;
-	    $value='value="'.$option.'"';
+	    $value='value="'.&HTML::Entities::encode($option,'\'"&<>').'"';
 	}
 	if ( $selected eq $option ) {
 	    $optionlist.="<option $value selected=\"selected\">$text</option>\n";
@@ -683,12 +683,12 @@ sub select_or_text_arg {
     foreach my $option (@$list) {
 	my ($text,$value);
 	if ( ref($option) eq 'ARRAY') {
-	    $value='value="'.$$option[0].'"';
+	    $value='value="'.&HTML::Entities::encode($$option[0]).'"';
 	    $text=$$option[1];
 	    $option=$$option[0];
 	} else {
 	    $text=$option;
-	    $value='value="'.$option.'"';
+	    $value='value="'.&HTML::Entities::encode($option,'\'"&<>').'"';
 	}
 	if ( $selected eq $option ) {
 	    $optionlist.="<option $value selected=\"selected\">$text</option>\n";