projects
/
kivitendo-erp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' of vc.linet-services.de:public/lx-office-erp
[kivitendo-erp.git]
/
templates
/
webpages
/
ic
/
assembly_row.html
diff --git
a/templates/webpages/ic/assembly_row.html
b/templates/webpages/ic/assembly_row.html
index
c7f8d83
..
02a7804
100644
(file)
--- a/
templates/webpages/ic/assembly_row.html
+++ b/
templates/webpages/ic/assembly_row.html
@@
-1,5
+1,6
@@
[%- USE T8 %]
[%- USE LxERP %]
[%- USE T8 %]
[%- USE LxERP %]
+[%- USE HTML %]
<tr class=listheading>
<th class=listheading>[% 'Individual Items' | $T8 %]</th>
</tr>
<tr class=listheading>
<th class=listheading>[% 'Individual Items' | $T8 %]</th>
</tr>
@@
-19,7
+20,7
@@
<td[% ' align=' _ rcol.align IF rcol.align %]>[%- rcol.data %]</td>
[%- END %]
[%- FOREACH hidden = row.hiddens %]
<td[% ' align=' _ rcol.align IF rcol.align %]>[%- rcol.data %]</td>
[%- END %]
[%- FOREACH hidden = row.hiddens %]
- <input type=hidden name="[%
hidden.name %]" value="[% hidden.value
%]">
+ <input type=hidden name="[%
HTML.escape(hidden.name) %]" value="[% HTML.escape(hidden.value)
%]">
[%- END %]
</tr>
[%- END %]
[%- END %]
</tr>
[%- END %]