<form action="/cgi-bin/koha/acqui/addorder.pl" method="post">
[% FOREACH var IN vars_loop %]
[% FOREACH val IN var.values %]
- <input type="hidden" name="[% var.name %]" value="[% val |html %]" />
+ <input type="hidden" name="[% var.name | html %]" value="[% val | html %]" />
[% END %]
[% END %]
<input type="hidden" name="confirm_budget_exceeding" value="1" />
<p>Warning! Order total amount exceeds allowed budget.</p>
[% END %]
[% IF (encumbrance_exceeded) %]
- <p>Warning! You will exceed [% encumbrance %]% of your fund.</p>
+ <p>Warning! You will exceed [% encumbrance | html %]% of your fund.</p>
[% END %]
[% IF (expenditure_exceeded) %]
- <p>Warning! You will exceed maximum limit ([% expenditure %][% IF (currency) %] [% currency %][% END %]) for your fund.</p>
+ <p>Warning! You will exceed maximum limit ([% expenditure | html %][% IF (currency) %] [% currency | html %][% END %]) for your fund.</p>
[% END %]
<p>Do you want to confirm this order?</p>
<button type="submit" class="approve"><i class="fa fa-fw fa-check"></i> Yes, I confirm</button>
- <button type="button" class="deny" onclick="window.location.href = '[% referer %]'"><i class="fa fa-fw fa-remove"></i> No, I don't confirm</button>
+ <button type="button" class="deny" onclick="window.location.href = '[% referer | html %]'"><i class="fa fa-fw fa-remove"></i> No, I don't confirm</button>
</div>
</form>
[% END %]
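Review bot: The `| html` filter added to `referer` on the `deny` button does not match the context the value lands in, which is a single-quoted JavaScript string inside an `onclick` attribute. The browser decodes HTML entities in the attribute before the handler runs, so entity-encoding cannot stop a quote or backslash in the value from ending the string literal. The other filters added in this change sit in HTML text or attribute context and look right. If `referer` comes from the request, which is not visible here, the navigation target also needs a server-side check that it is a same-application path. A safer shape takes the value out of script context, for example `<a class="deny" href="[% referer | html %]">` once the controller has validated the target; otherwise a JavaScript-string encoder should be used for this one value. The enclosing `[% IF %]` block and the opening `<div>` begin outside the lines shown.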