-<body onload="fokus()">
+[% USE HTML %]<body onload="fokus()">
-<form name="Form" method="post" action="<TMPL_VAR script>">
+<form name="Form" method="post" action="[% script %]">
<table width="100%">
<tr class="listtop">
- <th class="listtop"><TMPL_VAR title></th>
+ <th class="listtop">[% title %]</th>
</tr>
<tr height="5"></tr>
<tr>
<tr>
<th align="right" nowrap><translate>To</translate></th>
- <td><input name="email" size="30" value="<TMPL_VAR email>"></td>
+ <td><input name="email" size="30" value="[% HTML.escape(email) %]"></td>
</tr>
<tr>
<th align="right" nowrap><translate>Cc</translate></th>
- <td><input name="cc" size="30" value="<TMPL_VAR cc>"></td>
+ <td><input name="cc" size="30" value="[% HTML.escape(cc) %]"></td>
</tr>
-<TMPL_IF SHOW_BCC>
+[% IF SHOW_BCC %]
<tr>
<th align="right" nowrap><translate>Bcc</translate></th>
- <td><input name="bcc" size="30" value="<TMPL_VAR bcc>"></td>
- </tr></TMPL_IF>
+ <td><input name="bcc" size="30" value="[% HTML.escape(bcc) %]"></td>
+ </tr>[% END %]
<tr>
<th align="right" nowrap><translate>Subject</translate></th>
- <td><input name="subject" size="30" value="<TMPL_VAR subject>"></td>
+ <td><input name="subject" size="30" value="[% HTML.escape(subject) %]"></td>
</tr>
<tr>
<th align="right" nowrap><translate>Attachment name</translate></th>
- <td><input name="attachment_filename" size="30" value="<TMPL_VAR a_filename>"></td>
+ <td><input name="attachment_filename" size="30" value="[% HTML.escape(a_filename) %]"></td>
</table>
</td>
</tr>
<th align="left" nowrap><translate>Message</translate></th>
</tr>
<tr>
- <td><textarea name="message" rows="15" cols="60" wrap="soft"><TMPL_VAR message></textarea></td>
+ <td><textarea name="message" rows="15" cols="60" wrap="soft">[% HTML.escape(message) %]</textarea></td>
</tr>
</table>
<tr>
<td>
-<TMPL_VAR _print_options_>
-<TMPL_LOOP HIDDEN><input type="hidden" name="<TMPL_VAR name>" value="<TMPL_VAR value ESCAPE=HTML>"></TMPL_LOOP>
+[% print_options %]
+[% FOREACH row = HIDDEN %]<input type="hidden" name="[% row.name %]" value="[% HTML.escape(row.value) %]">
+[% END %]
</td>
</tr>