projects / kivitendo-erp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sonderzeichen in HTML-Ausgabe escapen
[kivitendo-erp.git] / templates / webpages / ic / assembly_row.html
diff --git a/templates/webpages/ic/assembly_row.html b/templates/webpages/ic/assembly_row.html
index c7f8d83..02a7804 100644 (file)
--- a/templates/webpages/ic/assembly_row.html
+++ b/templates/webpages/ic/assembly_row.html
@@ -1,5 +1,6 @@
 [%- USE T8 %]
 [%- USE LxERP %]
+[%- USE HTML %]
   <tr class=listheading>
    <th class=listheading>[% 'Individual Items' | $T8 %]</th>
   </tr>
@@ -19,7 +20,7 @@
       <td[% ' align=' _ rcol.align IF rcol.align %]>[%- rcol.data %]</td>
  [%- END %]
  [%- FOREACH hidden = row.hiddens %]
-      <input type=hidden name="[% hidden.name %]" value="[% hidden.value %]">
+      <input type=hidden name="[% HTML.escape(hidden.name) %]" value="[% HTML.escape(hidden.value) %]">
  [%- END %]
      </tr>
 [%- END %]
Unnamed repository; edit this file 'description' to name the repository.