I've just started working with Spring's Velocity macros, however I have encountered an HTML escaping problem when using select lists. The labels for the generated options are not escaped.

The macro for outputting a single select list is copied below, full src here:

Code:
#macro( springFormSingleSelect $path $options $attributes )
    #springBind($path)
    <select id="${status.expression}" name="${status.expression}" ${attributes}>
        #foreach($option in $options.keySet())
            <option value="${option}"
            #if("$!status.value" == "$option")
                selected="selected"
            #end>
            ${options.get($option)}</option>
        #end
    </select>
#end
The problematic piece of code is ${options.get($option)}</option>, at this point the raw value from the map will be output as HTML leading to security vulnerabilities etc. This problems seems to exist for springFormMultiSelect, springFormRadioButtons & springFormCheckboxes also.

Does anyone have a solution for this problem? I can't work out a tidy way to patch spring.vm without adding a dependency on velocity's EscapeTool.