- <TMPL_LOOP SHIPTO>, <a href="#shipping<TMPL_VAR __counter__>"><translate>Shipping Address</translate> "<TMPL_VAR shiptoname ESCAPE=HTML>"</a></TMPL_LOOP>
- <TMPL_LOOP CONTACTS>, <a href="#contact<TMPL_VAR __counter__>"><translate>Contact Person</translate> "<TMPL_VAR cp_name ESCAPE=HTML>"</a></TMPL_LOOP></p>
+ [% FOREACH shipto = SHIPTO %], <a href="#shipping[% loop.count %]"><translate>Shipping Address</translate> "[% HTML.escape(shipto.shiptoname) %]"</a>[% END %]
+ [% FOREACH contact = CONTACTS %], <a href="#contact[% loop.count %]"><translate>Contact Person</translate> "[% HTML.escape(contact.cp_name) %]"</a>[% END %]</p>