-[% USE LxERP %]
-<table width=100%>
+[% USE HTML %][% USE LxERP %]
+<table width="100%">
<tr>
<td>
- <table width=100%>
- <tr class=listheading>
- <th class=listheading><translate>Shipping Address</translate></th>
- <th class=listheading><translate>Invoice</translate></th>
- <th class=listheading><translate>Order</translate></th>
- <th class=listheading><translate>Invdate</translate></th>
- <th class=listheading><translate>Description</translate></th>
- <th class=listheading><translate>Qty</translate></th>
- <th class=listheading><translate>Unit</translate></th>
- <th class=listheading><translate>Sell Price</translate></th>
+ <table width="100%">
+ <tr class="listheading">
+ <th class="listheading"><translate>Shipping Address</translate></th>
+ <th class="listheading"><translate>Invoice</translate></th>
+ <th class="listheading"><translate>Order</translate></th>
+ <th class="listheading"><translate>Invdate</translate></th>
+ <th class="listheading"><translate>Description</translate></th>
+ <th class="listheading"><translate>Qty</translate></th>
+ <th class="listheading"><translate>Unit</translate></th>
+ <th class="listheading"><translate>Sell Price</translate></th>
</tr>
[%- FOREACH row = DELIVERY %]
- <tr class=listrow[% loop.count % 2 %]>
-
- <td>[% row.shiptoname UNLESS loop.prev.shiptoname == row.shiptoname %] </td>
- <td>[% row.invnumber %] </td>
- <td>[% row.ordnumber %] </td>
- <td>[% row.transdate %] </td>
- <td>[% row.description %] </td>
- <td>[% row.qty %] </td>
- <td>[% row.unit %] </td>
+ <tr class="listrow[% loop.count % 2 %]">
+ <td>[% HTML.escape(row.shiptoname) UNLESS loop.prev.shiptoname == row.shiptoname %] </td>
+ <td>[% HTML.escape(row.invnumber) %] </td>
+ <td>[% HTML.escape(row.ordnumber) %] </td>
+ <td>[% HTML.escape(row.transdate) %] </td>
+ <td>[% HTML.escape(row.description) %] </td>
+ <td>[% HTML.escape(row.qty) %] </td>
+ <td>[% HTML.escape(row.unit) %] </td>
<td>[% LxERP.format_amount(row.sellprice, 2) %] </td>
</tr>
[%- END %]
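Review bot: The sell price cell (the unchanged `<td>[% LxERP.format_amount(row.sellprice, 2) %] </td>` line) is now the only value in this row that is written without `HTML.escape`. Whether `format_amount` always returns a plain formatted number is not visible from this hunk; if it can pass a non-numeric value through unchanged, that cell remains an unescaped output sink. For consistency with the other seven columns I would wrap it as well: `<td>[% HTML.escape(LxERP.format_amount(row.sellprice, 2)) %] </td>`. It would also help to add a short template comment above the `FOREACH`, such as `[%# every DELIVERY field is HTML-escaped on output; keep this for new columns %]`, so later additions follow the same rule.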