-[% USE LxERP %]
-<table width=100%>
+[% USE HTML %][% USE LxERP %]
+<table width="100%">
<tr>
<td>
- <table width=100%>
- <tr class=listheading>
- <th class=listheading>Lieferadresse</th>
- <th class=listheading>Rechnung</th>
- <th class=listheading>Auftrag</th>
- <th class=listheading>Rechnungsdatum</th>
- <th class=listheading>Beschreibung</th>
- <th class=listheading>Menge</th>
- <th class=listheading>Einheit</th>
- <th class=listheading>Verkaufspreis</th>
+ <table width="100%">
+ <tr class="listheading">
+ <th class="listheading">Lieferadresse</th>
+ <th class="listheading">Rechnung</th>
+ <th class="listheading">Auftrag</th>
+ <th class="listheading">Rechnungsdatum</th>
+ <th class="listheading">Beschreibung</th>
+ <th class="listheading">Menge</th>
+ <th class="listheading">Einheit</th>
+ <th class="listheading">Verkaufspreis</th>
</tr>
[%- FOREACH row = DELIVERY %]
- <tr class=listrow[% loop.count % 2 %]>
-
- <td>[% row.shiptoname UNLESS loop.prev.shiptoname == row.shiptoname %] </td>
- <td>[% row.invnumber %] </td>
- <td>[% row.ordnumber %] </td>
- <td>[% row.transdate %] </td>
- <td>[% row.description %] </td>
- <td>[% row.qty %] </td>
- <td>[% row.unit %] </td>
+ <tr class="listrow[% loop.count % 2 %]">
+ <td>[% HTML.escape(row.shiptoname) UNLESS loop.prev.shiptoname == row.shiptoname %] </td>
+ <td>[% HTML.escape(row.invnumber) %] </td>
+ <td>[% HTML.escape(row.ordnumber) %] </td>
+ <td>[% HTML.escape(row.transdate) %] </td>
+ <td>[% HTML.escape(row.description) %] </td>
+ <td>[% HTML.escape(row.qty) %] </td>
+ <td>[% HTML.escape(row.unit) %] </td>
<td>[% LxERP.format_amount(row.sellprice, 2) %] </td>
</tr>
[%- END %]
projects / kivitendo-erp.git / blobdiff