diff -r 513803cade0a roundup/cgi/KeywordsExpr.py
--- a/roundup/cgi/KeywordsExpr.py Wed Jul 06 22:19:32 2016 -0400
+++ b/roundup/cgi/KeywordsExpr.py Thu Jul 07 21:40:43 2016 -0400
@@ -222,14 +222,22 @@
 function main_content() {
 var out = '';
+ out += '';
 out += '';
 out += parse(current).infix();
+ out += '';
 return out;
 }
 function modify_main() {
- main = window.opener.document.getElementById("keywords_%(prop)s");
- main.innerHTML = main_content();
+ main = window.opener.document.getElementById("MCkeywords_%(prop)s");
+ if ( main == null ) {
+ main = window.opener.document.getElementById("keywords_%(prop)s");
+ select = main.getElementsByTagName("SELECT")[0];
+ select.outerHTML = main_content();
+ } else {
+ main.outerHTML = main_content();
+ }
 }
 function set_content() {
diff -r 513803cade0a roundup/cgi/templating.py
--- a/roundup/cgi/templating.py Wed Jul 06 22:19:32 2016 -0400
+++ b/roundup/cgi/templating.py Thu Jul 07 21:40:43 2016 -0400
@@ -20,7 +20,7 @@
 __docformat__ = 'restructuredtext'
-import cgi, urllib, re, os.path, mimetypes, csv
+import cgi, urllib, re, os.path, mimetypes, csv, string
 import calendar
 import textwrap
@@ -116,9 +116,14 @@
 def _find(self, name):
 """ Find template, return full path and filename of the template if it is found, None otherwise."""
+ realsrc = os.path.realpath(self.dir)
 for extension in ['', '.html', '.xml']:
 f = name + extension
- src = os.path.join(self.dir, f)
+ src = os.path.join(realsrc, f)
+ realpath = os.path.realpath(src)
+ print self.dir, realsrc, realpath
+ if string.find(realpath, realsrc) != 0:
+ return # will raise invalid template
 if os.path.exists(src):
 return (src, f)
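Review bot: The fallback branch of `modify_main` dereferences both lookups unchecked: if `keywords_%(prop)s` is absent from the opener document, or contains no `SELECT`, then `main.getElementsByTagName(...)` or `select.outerHTML` throws and the popup fails to update the form. Guard them, e.g. `if (main == null) return;` and `if (select) select.outerHTML = main_content();`, and declare `var main, select;` so the names do not become implicit globals of the popup window. Separately, `main_content()` concatenates `parse(current).infix()` into markup that is now assigned via `outerHTML`; the surrounding string literals are not legible here, so it is worth confirming the value is HTML-escaped if any part of it can be user-influenced.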
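Review bot: The containment test `string.find(realpath, realsrc) != 0` in `_find` is a bare string-prefix comparison, so a resolved path in a sibling directory whose name merely starts with the template directory's name (constructed example: `/tracker/html-old/x` against `/tracker/html`) still passes the check. Compare against the directory with a trailing separator instead, `if not realpath.startswith(os.path.join(realsrc, '')):`, which also makes the `string` import added in the earlier templating.py hunk unnecessary. The added `print self.dir, realsrc, realpath` looks like leftover debugging; in a CGI process it writes server filesystem paths to stdout and should be removed before merge. The end of `_find` lies outside the hunk, so the behaviour after the loop is not visible here.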