invoice batch download fix, #11871

[freeside.git] / httemplate / elements / header-popup.html

diff --git a/httemplate/elements/header-popup.html b/httemplate/elements/header-popup.html
index 2bd4a96..d009f6b 100644 (file)
--- a/httemplate/elements/header-popup.html
+++ b/httemplate/elements/header-popup.html
@@ -20,17 +20,17 @@ Example:
 <HTML>
   <HEAD>
     <TITLE>
-      <% $title %>
+      <% $title |h %>
     </TITLE>
     <META HTTP-Equiv="Cache-Control" Content="no-cache">
     <META HTTP-Equiv="Pragma" Content="no-cache">
     <META HTTP-Equiv="Expires" Content="0"> 
     <% $head %>
   </HEAD>
-  <BODY BGCOLOR="#f8f8f8" <% $etc %>>
+  <BODY <% $etc %>>
     <link href="<%$fsurl%>elements/freeside.css" type="text/css" rel="stylesheet">
     <FONT SIZE=6>
-      <CENTER><% $title %></CENTER>
+      <CENTER><% $title |h %></CENTER>
     </FONT>
 
 % unless ( $nobr ) {
@@ -55,6 +55,7 @@ if ( ref($_[0]) ) {
   $etc = @_ ? shift : ''; #$etc is for things like onLoad= etc.
   $head = @_ ? shift : ''; #$head is for things that go in the <HEAD> section
 }
+$etc .= 'BGCOLOR="#f8f8f8"' if (! $etc =~ /BGCOLOR/i );
 
 my $conf = new FS::Conf;