<tr>
<td style="padding-left:5px;padding-bottom:10px;">
<a href="[% ctx.opac_root %]/record/[% circ.circ.target_copy.call_number.record.id %]"
- name="[% l('Catalog record') %]">[% attrs.title %]</a>
+ name="[% l('Catalog record') %]">[% attrs.title | html %]</a>
[% IF attrs.author %] /
- <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author %]</a>
+ <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author | html %]</a>
[% END %]
</td>
<td style="padding-left:5px;">
<span style='color:blue;'>*</span><!-- meh -->
[% END; %]
</td>
- <td>[% circ.circ.target_copy.barcode %]</td>
- <td>[% circ.circ.target_copy.call_number.label %]</td>
+ <td>[% circ.circ.target_copy.barcode | html %]</td>
+ <td>[% circ.circ.target_copy.call_number.label | html %]</td>
</tr>
[% END %]
</tbody>
<td width="40%"
style="padding-left:5px;padding-bottom:10px;"
name="author">
- <a href="[% ctx.opac_root %]/record/[% circ.circ.target_copy.call_number.record.id %]" name="[% l('Catalog record') %]">[% attrs.title %]</a>
+ <a href="[% ctx.opac_root %]/record/[% circ.circ.target_copy.call_number.record.id %]" name="[% l('Catalog record') %]">[% attrs.title | html %]</a>
[% IF attrs.author %] /
- <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author %]</a>
+ <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author | html %]</a>
[% END %]
</td>
<td width="8%" name="renewals" align="center">
[% date.format(ctx.parse_datetime(circ.circ.due_date),DATE_FORMAT) %]
</td>
<td width="16%" name="barcode">
- [% circ.circ.target_copy.barcode %]
+ [% circ.circ.target_copy.barcode | html %]
</td>
<td width="22%" name="call_number">
- [% circ.circ.target_copy.call_number.label %]
+ [% circ.circ.target_copy.call_number.label | html %]
</td>
</tr>
[% IF circ.renewal_response AND
circ.renewal_response.textcode != 'SUCCESS' %]
<tr>
<td colspan="6">[%# XXX colspan="0" does not work in IE %]
- <span class="failure-text" title="[% circ.renewal_response.textcode %] / [% circ.renewal_response.payload.fail_part %]">
- [% circ.renewal_response.desc || circ.renewal_response.payload.fail_part || circ.renewal_response.textcode %]
+ <span class="failure-text" title="[% circ.renewal_response.textcode | html %] / [% circ.renewal_response.payload.fail_part | html %]">
+ [% (circ.renewal_response.desc || circ.renewal_response.payload.fail_part || circ.renewal_response.textcode) | html %]
</span>
</td>
</tr>
</div>
</td>
<td width="136">
- [% ctx.get_aou(ahr.pickup_lib).name %]
+ [% ctx.get_aou(ahr.pickup_lib).name | html %]
</td>
<td width="104">
[% IF ahr.frozen == 't' AND ahr.thaw_date;
</div>
</td>
<td width="136">
- [% ctx.get_aou(ahr.pickup_lib).name %]
+ [% ctx.get_aou(ahr.pickup_lib).name | html %]
</td>
<td width="104">
<!-- <input
</div>
<div id="hold_editor">
[% IF hold %]
- <h1>[% attrs.title %]</h1>
- <h2>[% attrs.author %]</h2>
+ <h1>[% attrs.title | html %]</h1>
+ <h2>[% attrs.author | html %]</h2>
[% IF attrs.format_icon %]<p>
<strong>[% l('Format:') %]</strong>
- <img src="[% ctx.media_prefix %]/images/[% attrs.format_icon %]" alt="[% attrs.format %]" title="[% attrs.title %]" />
+ <img src="[% ctx.media_prefix %]/images/[% attrs.format_icon %]" alt="[% attrs.format %]" title="[% attrs.title | html %]" />
</p>[% END %]
<p>
- <strong>[% l('Status') %]</strong>: [% hold.human_status %]
+ <strong>[% l('Status') %]</strong>: [% hold.human_status | html %]
</p>
<form method="POST">
<table id="hold_editor_table">
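Review bot: On the `<img>` line only `title` gained the filter; `alt="[% attrs.format %]"` is still emitted raw into a double-quoted attribute, so a format string containing `"` or `<` can still break out of it. It should read `alt="[% attrs.format | html %]"`. `attrs.format_icon` in `src` is unfiltered as well; if that value can come from record data rather than a fixed icon map (not visible in this hunk), it needs filtering too.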
<big><strong>
[% IF bbag.pub == 't' %]
[% url = 'http://' _ ctx.hostname _ '/opac/extras/feed/bookbag/html-full/' _ bbag.id %]
- <a target='_blank' href='[% url %]'>[% bbag.name %]</a>
+ <a target='_blank' href='[% url %]'>[% bbag.name | html %]</a>
[% ELSE %]
- [% bbag.name %]
+ [% bbag.name | html %]
[% END %]
</strong></big>
</div>
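Review bot: The public-bookbag link still writes `href='[% url %]'` unfiltered, and into a single-quoted attribute. Template Toolkit's `html` filter encodes `<`, `>`, `&` and `"` but not `'`, so single-quoted attributes stay fragile even once filtered. `url` is assembled from `ctx.hostname` and `bbag.id`; how `ctx.hostname` is populated is not visible here, so treat it as untrusted unless it comes from configuration. I would write `<a target="_blank" rel="noopener" href="[% url | html %]">[% bbag.name | html %]</a>`.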
PROCESS get_marc_attrs args=attrs %]
<tr>
<td class="item_list_padding" style="padding-left: 10px;"><input type="checkbox" name="del_item" value="[% item.id %]" bbag='[% bbag.id %]'/></td>
- <td class="item_list_padding" style="padding-left: 5px;">[% attrs.title %]</td>
- <td class="item_list_padding">[% attrs.author %]</td>
+ <td class="item_list_padding" style="padding-left: 5px;">[% attrs.title | html %]</td>
+ <td class="item_list_padding">[% attrs.author | html %]</td>
</tr>
[% END %]
</tbody>
<td>
[% recid = f.xact.circulation.target_copy.call_number.record.id || f.xact.reservation.target_resource_type.record.id;
IF recid; %]
- <a href="[% ctx.opac_root %]/record/[% recid %]">[% attrs.title %]</a>
+ <a href="[% ctx.opac_root %]/record/[% recid %]">[% attrs.title | html %]</a>
[% ELSE %]
- [% attrs.title %]
+ [% attrs.title | html %]
[% END %]
</td>
<td>
- <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author %]</a>
+ <a href="[% ctx.opac_root %]/results?qtype=author&query=[% attrs.author | replace('[,\.:;]', '') | url %]">[% attrs.author | html %]</a>
</td>
<td name='myopac_circ_trans_start'>
[% ts = f.xact.circulation.xact_start || f.xact.reservation.start_time || 0;
(ctx.printable_receipt.textcode ? ctx.printable_receipt.textcode _ ' / ' _ ctx.printable_receipt.desc : 0) ||
ctx.printable_receipt.error_output.data ||
l('No receipt data returned from server')
- ) %]
+ ) | html %]
</div>
[% END %]
<p>[ <a href="[% ctx.opac_root %]/myopac/main">[%
attrs.title = f.xact.reservation.target_resource_type.name;
END %]
<tr>
- <td>[% attrs.title %]</td>
+ <td>[% attrs.title | html %]</td>
<td class="text-right">[% money(f.xact.balance_owed) %]</td>
</tr>
[%
NEXT IF CGI.param('xact_misc').size &&
!CGI.param('xact_misc').grep(f.xact.id).size %]
<tr>
- <td>[% f.xact.last_billing_type %]</td>
+ <td>[% f.xact.last_billing_type | html %]</td>
<td class="text-right">[% money(f.xact.balance_owed) %]</td>
</tr>
[% END %]
[% FOR payment IN ctx.payments %]
<tr>
<td>[% date.format(ctx.parse_datetime(payment.mp.payment_ts), DATE_FORMAT) %]</td>
- <td>[% (payment.xact_type == 'grocery') ? payment.last_billing_type : payment.title %]</td>
+ <td>[%
+ btype = payment.last_billing_type | html;
+ ptitle = payment.title | html;
+ (payment.xact_type == 'grocery') ? btype : ptitle
+ %]</td>
<td>[% money(payment.mp.amount) %]</td>
<td>
<form action="[% ctx.opac_root %]/myopac/receipt_print" method="POST">
<tr>
<td class='color_4 light_border'>
[% l("Home Library") %]</td>
- <td class='light_border'>[% ctx.user.home_ou.name %]</td>
+ <td class='light_border'>[% ctx.user.home_ou.name | html %]</td>
<td><a href='#'
class="hide_me"
style='text-decoration: underline;'>[% l("Change") %]</a></td>
IF addr.pending == "t";
"<strong>" _ l("*** PENDING ***") _ "</strong> ";
END;
- addr.address_type | lower | ucfirst;
+ addr.address_type | lower | ucfirst | html ;
%]</td>
</tr>
<tr>
[% END %]
[% FOR optin IN ctx.opt_in_settings %]
<tr>
- <td>[% optin.cust.label %]</td>
+ <td>[% optin.cust.label | html %]</td>
<td>
<input type='checkbox' name='setting'
- value='[% optin.cust.name %]'
+ value='[% optin.cust.name | uri %]'
[% IF optin.value %] checked='checked' [% END %]/>
</td>
</tr>
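Review bot: `value='[% optin.cust.name | uri %]'` uses the wrong filter for an HTML attribute. `uri` percent-encodes, so the browser would submit the encoded text as the setting name whenever it contains a character outside the unreserved set. With Template Toolkit's default escaping `'` is, as far as I know, left as-is, so the single-quoted attribute is still not closed off. Use `value="[% optin.cust.name | html %]"` with double quotes. The same pattern appears in the next hunk as `<option value='[% val | uri %]'`, where it is harmless only because `val` comes from a literal list.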
[% setting = 'opac.hits_per_page' %]
<select name='[% setting %]'>
[% FOR val IN [5, 8, 10, 15, 20, 25, 50] %]
- <option value='[% val %]'
+ <option value='[% val | uri %]'
[% IF ctx.user_setting_map.$setting == val %]
- selected='selected'[% END %]>[% val %]</option>
+ selected='selected'[% END %]>[% val | html %]</option>
[% END %]
</select>
</td>
[% IF ctx.email_receipt_result; # result should be undef on success %]
<div class="payment-error">
[% l('Error preparing receipt:') %]
- <span title="[% ctx.email_receipt_result.textcode %]">
- [% ctx.email_receipt_result.desc %]
+ <span title="[% ctx.email_receipt_result.textcode | html %]">
+ [% ctx.email_receipt_result.desc | html %]
</span>
</div>
[% ELSE %]
- <div>[% l('Your receipt will be emailed to [_1]', ctx.user.email) %]</div>
+ <div>
+ [% l('Your receipt will be emailed to [_1]', ctx.user.email) | html %]
+ </div>
[% END %]
<p>
[ <a href="[% ctx.opac_root %]/myopac/main_payments">[%
(ctx.printable_receipt.textcode ? ctx.printable_receipt.textcode _ ' / ' _ ctx.printable_receipt.desc : 0) ||
ctx.printable_receipt.error_output.data ||
l('No receipt data returned from server')
- ) %]
+ ) | html %]
</div>
[% END %]
<hr />
[% IF ctx.invalid_email %]
<div id='account-update-email-error'>
- [% | l(ctx.invalid_email) %]
- The email address "<b>[_1]</b>" is invalid. Please try a different email address.
- [% END %]
+ [% l('The email address "<b>[_1]</b>" is invalid. Please try a different email address.', ctx.invalid_email) | html %]
</div>
[% END %]
[% IF ctx.invalid_username %]
<div id='account-update-email-error'> <!-- borrow css from update-email page -->
- [% | l(ctx.invalid_username) %]
- "<b>[_1]</b>" is not a valid username. Usernames cannot have any spaces. Please try a different username.
- [% END %]
+ [% l('"<b>[_1]</b>" is not a valid username. Usernames cannot have any spaces. Please try a different username.', ctx.invalid_username) | html %]
</div>
[% ELSIF ctx.username_exists %]
<div id='account-update-email-error'>
- [% | l(ctx.username_exists) %]
+ [% bad_user = ctx.username_exists | html %]
+ [% | l(bad_user) %]
The username "<b>[_1]</b>" is taken. Please try a different username.
[% END %]
</div>
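Review bot: In the `invalid_email` and `invalid_username` branches the `html` filter is applied to the whole output of `l()`, so the `<b>` tags in the message are escaped along with the user value and show up as literal text. The `username_exists` branch in this same hunk does it the right way round: escape the argument, then localise. For the email branch that is `[% bad_email = ctx.invalid_email | html %]` followed by `[% l('The email address "<b>[_1]</b>" is invalid. Please try a different email address.', bad_email) %]`, and likewise for `ctx.invalid_username`. Moving from the block form to an inline string may also change the message id that translations key on, which is worth checking against the catalog.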