hidden var korrekt escapen.
authorSven Schöling <s.schoeling@linet-services.de>
Mon, 17 Oct 2011 09:31:38 +0000 (11:31 +0200)
committerSven Schöling <s.schoeling@linet-services.de>
Mon, 17 Oct 2011 09:31:38 +0000 (11:31 +0200)
templates/webpages/oe/form_footer.html

index ef6bc85..e22ee11 100644 (file)
 <input type="hidden" name="action" value="dispatcher">
 <input type="hidden" name="saved_xyznumber" value="[% HTML.escape(saved_xyznumber) %]">
 <input type="hidden" name="rowcount" value="[% HTML.escape(rowcount) %]">
-<input type="hidden" name="callback" value="[% callback %]">
+<input type="hidden" name="callback" value="[% callback | html %]">
 [% IF vc == 'customer' %]
   <input type="hidden" name="customer_discount" value="[% HTML.escape(customer_discount) %]">
 [% ELSE %]