Bug 19738: Fix XSS on vendor name in serials module

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / serials / acqui-search-result.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/acqui-search-result.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/acqui-search-result.tt
index a3580ff..72845cc 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/acqui-search-result.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/acqui-search-result.tt
@@ -42,8 +42,8 @@ $(document).ready(function(){
        </tr>
        [% FOREACH loop_supplier IN loop_suppliers %]
         <tr>
-                       <td>[% loop_supplier.name %]</td>
-            <td><a class="btn btn-mini select_vendor" href="#" data-vendorid="[% loop_supplier.aqbooksellerid %]" data-vendorname="[% loop_supplier.name |html%]">Choose</a></td>
+            <td>[% loop_supplier.name |html %]</td>
+            <td><a class="btn btn-default btn-xs select_vendor" href="#" data-vendorid="[% loop_supplier.aqbooksellerid %]" data-vendorname="[% loop_supplier.name |html%]">Choose</a></td>
                </tr>
        [% END %]
 </table>