hidden var korrekt escapen.

[kivitendo-erp.git] / templates / webpages / oe / form_footer.html

diff --git a/templates/webpages/oe/form_footer.html b/templates/webpages/oe/form_footer.html
index ef6bc85..e22ee11 100644 (file)
--- a/templates/webpages/oe/form_footer.html
+++ b/templates/webpages/oe/form_footer.html
@@ -176,7 +176,7 @@
 <input type="hidden" name="action" value="dispatcher">
 <input type="hidden" name="saved_xyznumber" value="[% HTML.escape(saved_xyznumber) %]">
 <input type="hidden" name="rowcount" value="[% HTML.escape(rowcount) %]">
-<input type="hidden" name="callback" value="[% callback %]">
+<input type="hidden" name="callback" value="[% callback | html %]">
 [% IF vc == 'customer' %]
   <input type="hidden" name="customer_discount" value="[% HTML.escape(customer_discount) %]">
 [% ELSE %]