[Koha-patches] [PATCH] More fixes for Bug 2600, HTML tags in titles not escaped in many places

Wed Feb 3 21:20:17 CET 2010

---
 .../prog/en/modules/acqui/basket.tmpl              |    6 +-
 .../prog/en/modules/acqui/neworderempty.tmpl       |    4 +-
 .../prog/en/modules/acqui/parcel.tmpl              |   20 ++++----
 .../prog/en/modules/acqui/z3950_search.tmpl        |   29 ++++++------
 .../prog/en/modules/basket/basket.tmpl             |   48 ++++++++++----------
 .../prog/en/modules/catalogue/detailprint.tmpl     |    4 +-
 .../prog/en/modules/catalogue/issuehistory.tmpl    |    6 +-
 .../prog/en/modules/catalogue/moredetail.tmpl      |   20 ++++----
 .../prog/en/modules/cataloguing/addbooks.tmpl      |   10 ++--
 .../prog/en/modules/circ/branchoverdues.tmpl       |   18 ++++----
 .../prog/en/modules/circ/overdue.tmpl              |   14 +++---
 .../prog/en/modules/circ/transferstoreceive.tmpl   |   16 +++---
 .../prog/en/modules/circ/waitingreserves.tmpl      |   16 +++---
 .../prog/en/modules/labels/result.tmpl             |    2 +-
 .../prog/en/modules/offline_circ/process_koc.tmpl  |    8 ++--
 .../prog/en/modules/reports/serials_stats.tmpl     |   26 +++++-----
 .../prog/en/modules/reserve/request.tmpl           |    4 +-
 .../en/modules/rotating_collections/addItems.tmpl  |    4 +-
 .../prog/en/modules/suggestion/suggestion.tmpl     |    6 +-
 .../modules/virtualshelves/addbybiblionumber.tmpl  |    8 ++--
 .../opac-tmpl/prog/en/modules/opac-account.tmpl    |    8 ++--
 .../opac-tmpl/prog/en/modules/opac-basket.tmpl     |   46 +++++++++---------
 .../opac-tmpl/prog/en/modules/opac-opensearch.tmpl |   12 +++---
 .../prog/en/modules/opac-results-grouped.tmpl      |   20 ++++----
 .../opac-tmpl/prog/en/modules/opac-review.tmpl     |   18 ++++----
 25 files changed, 187 insertions(+), 186 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tmpl
index c04ad12..510e28d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tmpl
@@ -113,7 +113,7 @@
                 <!-- /TMPL_UNLESS -->
             <!-- /TMPL_UNLESS -->
             <!-- /TMPL_UNLESS -->
-            
+
     <!-- TMPL_IF NAME="NO_BOOKSELLER" -->
     <h2>Vendor not found</h2>
     <!-- TMPL_ELSE -->
@@ -170,7 +170,7 @@
                 <!-- /TMPL_IF -->
             </div>
         <!-- /TMPL_IF -->
-        
+
         <!-- TMPL_UNLESS name="delete_confirm" -->
         <div id="acqui_basket_content">
         <h2>Order Details</h2>
@@ -237,7 +237,7 @@
                     <!-- TMPL_IF NAME="order_received" --><tr class="disabled"><!-- TMPL_ELSE --><!-- TMPL_IF NAME="toggle" --><tr class="highlight"><!-- TMPL_ELSE --><tr><!-- /TMPL_IF --><!-- /TMPL_IF -->
                         <td>
                             <p><!-- TMPL_IF NAME="order_received" --> (rcvd)<!-- /TMPL_IF -->
-                                <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a> by <!-- TMPL_VAR NAME="author" -->
+                                <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a> by <!-- TMPL_VAR NAME="author" -->
                                     <!-- TMPL_IF name="notes" --> <!--TMPL_VAR name="notes" --><!-- /TMPL_IF -->
                                     <!-- TMPL_IF name="isbn"--> - <!-- TMPL_VAR name="isbn" --><!-- /TMPL_IF -->
                                     <!-- TMPL_IF name="publishercode" -->, <!-- TMPL_VAR NAME="publishercode" --><!-- /TMPL_IF -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/neworderempty.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/neworderempty.tmpl
index d3f8296..a77e214 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/neworderempty.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/neworderempty.tmpl
@@ -140,10 +140,10 @@ ff.submit();
         <ol><li>
             <!-- TMPL_IF name="biblionumber" -->
             <span class="label">Title</span>
-                <input type="hidden" size="20" name="title" value="<!-- TMPL_VAR NAME="title" ESCAPE="HTML" -->" /> <span class="title"><!-- TMPL_VAR NAME="title" --></span>
+                <input type="hidden" size="20" name="title" value="<!-- TMPL_VAR NAME="title" ESCAPE="HTML" -->" /> <span class="title"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></span>
             <!-- TMPL_ELSE -->
             <label for="entertitle" class="required">Title: </label>
-                <input type="text" id="entertitle" size="20" name="title" value="<!-- TMPL_VAR NAME="title" ESCAPE="HTML" -->" />
+                <input type="text" id="entertitle" size="20" name="title" value="<!-- TMPL_VAR NAME="title" ESCAPE="html" -->" />
             <!-- /TMPL_IF -->
         </li>
         <li>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tmpl
index 5a6e8a7..a4775eb 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/parcel.tmpl
@@ -3,7 +3,7 @@
             Receipt Summary for <!-- TMPL_VAR NAME="name" --> <!--TMPL_IF Name="invoice"-->Invoice <!-- TMPL_VAR NAME="invoice" --><!--/TMPL_IF --> on <!-- TMPL_VAR NAME="formatteddatereceived" --><!-- TMPL_ELSE -->Receive Orders from <!-- TMPL_VAR NAME="name" --><!-- /TMPL_IF --></title>
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
 <!-- TMPL_INCLUDE NAME="greybox.inc" -->
-<script type="text/javascript" src="<!-- TMPL_VAR NAME="yuipath" -->/json/json-min.js"></script> 
+<script type="text/javascript" src="<!-- TMPL_VAR NAME="yuipath" -->/json/json-min.js"></script>
 <script type="text/JavaScript">
 //<![CDATA[
 
@@ -18,8 +18,8 @@
     });
 
      // Case-insensitive version of jquery's contains function
-     jQuery.extend(jQuery.expr[':'], { 
-	    icontains : "jQuery(a).text().toUpperCase().indexOf(m[3].toUpperCase())>=0" 
+     jQuery.extend(jQuery.expr[':'], {
+	    icontains : "jQuery(a).text().toUpperCase().indexOf(m[3].toUpperCase())>=0"
      });
 
      // Contains exactly function
@@ -77,7 +77,7 @@
 		success: function(o) {
 			var jsonString = o.responseText;
 			var gst = "<!-- TMPL_VAR NAME="gst" -->";
-			try { 
+			try {
 				var orders = YAHOO.lang.JSON.parse(jsonString);
 				var foundCount = orders.length;
 
@@ -93,7 +93,7 @@
                        + '<td>' + order.ecost + '</td>'
                        + '<td>' + order.ordertotal + '</td>'
                        + '<td>'
-                       + '<a href="orderreceive.pl?ordernumber=' + order.ordernumber + '&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->&amp;gst=' + gst + '&amp;freight=' + order.freight + '&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->">Receive</a> /' 
+                       + '<a href="orderreceive.pl?ordernumber=' + order.ordernumber + '&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->&amp;gst=' + gst + '&amp;freight=' + order.freight + '&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->">Receive</a> /'
                        + '<a href="parcel.pl?type=intra&amp;ordernumber=' + order.ordernumber + '&amp;biblionumber=' + order.biblionumber + '&amp;action=cancelorder&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->" onclick="return confirm(\'' + _('Are you sure you want to cancel this order?') + '\');">Cancel</a>'
                        + '</td></tr>').appendTo("table#pendingt");
 				}
@@ -109,7 +109,7 @@
 
 	return false;
     }
-    
+
     // Clear already applied filters
     function clearFilters() {
 	$("#nothingfoundrow").remove();
@@ -132,7 +132,7 @@
         <!-- /TMPL_IF --></div>
 
 <div id="doc3" class="yui-t2">
-   
+
    <div id="bd">
 	<div id="yui-main">
 	<div class="yui-b">
@@ -213,7 +213,7 @@
                 <td><!-- TMPL_VAR NAME="ecost" --></td>
                 <td><!-- TMPL_VAR NAME="ordertotal" --></td>
 				<td>
-				    <a href="orderreceive.pl?ordernumber=<!-- TMPL_VAR NAME="ordernumber" -->&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->&amp;gst=<!-- TMPL_VAR NAME="gst" -->&amp;freight=<!-- TMPL_VAR NAME="freight" -->&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->">Receive</a> / 
+				    <a href="orderreceive.pl?ordernumber=<!-- TMPL_VAR NAME="ordernumber" -->&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->&amp;gst=<!-- TMPL_VAR NAME="gst" -->&amp;freight=<!-- TMPL_VAR NAME="freight" -->&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->">Receive</a> /
 				    <a href="parcel.pl?type=intra&amp;ordernumber=<!-- TMPL_VAR NAME="ordernumber" -->&amp;biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->&amp;action=cancelorder&amp;supplierid=<!-- TMPL_VAR NAME="supplierid" -->&amp;datereceived=<!-- TMPL_VAR NAME="invoicedatereceived" -->&amp;invoice=<!-- TMPL_VAR NAME="invoice" -->" onclick="return confirm(_('Are you sure you want to cancel this order?'));">Cancel</a>
 				</td>
             </tr>
@@ -294,7 +294,7 @@
         <!-- /TMPL_UNLESS -->
                 <td><a href="/cgi-bin/koha/acqui/basket.pl?basketno=<!-- TMPL_VAR NAME="basketno" -->"><!-- TMPL_VAR NAME="basketno" --></a></td>
                 <td><a href="neworderempty.pl?ordernumber=<!-- TMPL_VAR NAME="ordernumber" -->&amp;booksellerid=<!-- TMPL_VAR NAME="supplierid" -->"><!-- TMPL_VAR NAME="ordernumber" --></a></td>
-                <td><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a>
+                <td><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a>
                 <!-- TMPL_IF NAME="author" --> / <!-- TMPL_VAR NAME="author" --><!--/TMPL_IF-->
                 <!-- TMPL_IF NAME="isbn" --> - <!-- TMPL_VAR NAME="isbn" --><!--/TMPL_IF-->
                 <!-- TMPL_IF NAME="publishercode" --><br />Publisher :<!-- TMPL_VAR NAME="publishercode" --><!--/TMPL_IF-->
@@ -347,4 +347,4 @@
 <!-- TMPL_INCLUDE NAME="acquisitions-menu.inc" -->
 </div>
 </div>
-<!-- TMPL_INCLUDE NAME="intranet-bottom.inc" --> 
+<!-- TMPL_INCLUDE NAME="intranet-bottom.inc" -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/z3950_search.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/z3950_search.tmpl
index c923b4f..f9f96ae 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/z3950_search.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/z3950_search.tmpl
@@ -2,15 +2,15 @@
 <title>Koha &rsaquo; Acquisitions &rsaquo; Z39.50 Search Results</title>
 <!-- TMPL_INCLUDE NAME="greybox.inc" -->
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
-<script type="text/javascript" src="<!-- TMPL_VAR name="themelang" -->/lib/jquery/plugins/jquery.checkboxes.pack.js"></script>
+<script type="text/javascript" src="<!-- TMPL_VAR name="themelang" -->/lib/jquery/plugins/jquery.checkboxes.min.js"></script>
 <script type="text/javascript" src="<!-- TMPL_VAR name="themelang" -->/lib/jquery/plugins/jquery.tablesorter.min.js"></script>
 <script type="text/javascript">
 //<![CDATA[
 $.tablesorter.addParser({
-    id: 'articles', 
-    is: function(s) {return false;  }, 
-    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); }, 
-    type: 'text' 
+    id: 'articles',
+    is: function(s) {return false;  },
+    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); },
+    type: 'text'
 });
 
 	$(document).ready(function(){
@@ -25,7 +25,7 @@ $.tablesorter.addParser({
 	$("#resultst").tablesorter({
 		sortList: [[1,0]],
 		headers: { 0: {sorter:false}, 1: { sorter: 'articles' },5: { sorter: false },6: { sorter: false }}
-	}); 
+	});
 });
 //]]>
 </script>
@@ -37,7 +37,7 @@ $.tablesorter.addParser({
 <!-- TMPL_INCLUDE NAME="header.inc" -->
 <!-- TMPL_INCLUDE NAME="acquisitions-search.inc" -->
 
-<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; order from z3950 search</div>
+<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; Order from Z39.50 search</div>
 <div id="custom-doc" class="yui-t7">
       <div id="bd">
 	  <!-- TMPL_IF name="opsearch" -->
@@ -46,8 +46,8 @@ $.tablesorter.addParser({
     <input type="hidden" name="op" id="op" value="do_search" />
 	<div class="yui-g">
     <div class="yui-u first">
-	    <fieldset class="rows"> 
-		 <ol><li><label for="title">Title: </label> <input type="text" id="title"  name="title" value="<!-- TMPL_VAR NAME="title" -->" /></li>
+	    <fieldset class="rows">
+		 <ol><li><label for="searchtitle">Title: </label> <input type="text" id="searchtitle"  name="title" value="<!-- TMPL_VAR NAME="title" ESCAPE="html" -->" /></li>
 		 <li><label for="isbn">ISBN/ISSN: </label> <input type="text" id="isbn" name="isbn" value="<!-- TMPL_VAR NAME="isbn" -->" /></li>
 		 <li><label for="lccall">LC Call Number: </label> <input type="text" id="lccall" name="lccall" value="" /></li></ol>
 		</fieldset>
@@ -82,17 +82,18 @@ $.tablesorter.addParser({
 <h2>Search targets <span style="display: inline; font-size: 70%; padding-left: 1em;"><span class="checkall"><a id="CheckAll" href="#">Select All</a></span><span class="clearall"><a id="CheckNone" href="#">Clear All</a></span></span></h2>
 
     <!-- TMPL_LOOP name="serverloop" -->
-        <p> 
+        <p>
             <!-- TMPL_IF name="checked" -->
                 <input type="checkbox" name="id" id="z3950_<!-- TMPL_VAR NAME="id" -->" value="<!-- TMPL_VAR NAME="id" -->" checked="checked" />
             <!-- TMPL_ELSE -->
                 <input type="checkbox" name="id" id="z3950_<!-- TMPL_VAR NAME="id" -->" value="<!-- TMPL_VAR NAME="id" -->" />
             <!-- /TMPL_IF -->
-            <label for="z3950_<!-- TMPL_VAR NAME="id" -->"><!-- TMPL_VAR NAME="name" --> [<!-- TMPL_VAR NAME="host" -->]</label>  
+            <label for="z3950_<!-- TMPL_VAR NAME="id" -->"><!-- TMPL_VAR NAME="name" --> [<!-- TMPL_VAR NAME="host" -->]</label>
 
         </p>
     <!-- /TMPL_LOOP -->
     <fieldset class="action"><input type="submit"  class="submit" value="Search" onclick="cursor :'wait'"/> <a class="cancel close" href="#">Cancel</a></fieldset>
+    </div>
     </form>
 
 
@@ -111,15 +112,15 @@ $.tablesorter.addParser({
     </tr></thead>
     <tbody><!-- TMPL_LOOP name="breeding_loop" -->
         <!-- TMPL_IF NAME="breedingid" -->
-		
+
         <!-- TMPL_IF NAME="toggle" --><tr class="highlight"><!-- TMPL_ELSE --><tr><!-- /TMPL_IF -->
             <td><!-- TMPL_VAR name="server" --></td>
-            <td><!-- TMPL_VAR NAME="title" --></td>
+            <td><!-- TMPL_VAR NAME="title" ESCAPE="html" --></td>
             <td><!-- TMPL_VAR NAME="author" --></td>
             <td><!-- TMPL_VAR NAME="isbn" --></td>
             <td><!-- TMPL_VAR NAME="lccn" --></td>
             <td><a href="/cgi-bin/koha/catalogue/showmarc.pl?importid=<!-- TMPL_VAR NAME="breedingid" -->" title="MARC" rel="gb_page_center[600,500]">MARC</a></td><td><a href="/cgi-bin/koha/catalogue/showmarc.pl?viewas=card&importid=<!-- TMPL_VAR NAME="breedingid" -->" title="MARC" rel="gb_page_center[600,500]">Card</a></td>
-			<td><a href="/cgi-bin/koha/acqui/neworderempty.pl?frameworkcode=<!-- TMPL_VAR name="frameworkcode" -->&breedingid=<!-- TMPL_VAR NAME="breedingid" -->&booksellerid=<!-- TMPL_VAR name="booksellerid" -->&basketno=<!-- TMPL_VAR name="basketno" -->">Order</a></td> 
+			<td><a href="/cgi-bin/koha/acqui/neworderempty.pl?frameworkcode=<!-- TMPL_VAR name="frameworkcode" -->&breedingid=<!-- TMPL_VAR NAME="breedingid" -->&booksellerid=<!-- TMPL_VAR name="booksellerid" -->&basketno=<!-- TMPL_VAR name="basketno" -->">Order</a></td>
 
         </tr>
         <!-- /TMPL_IF -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/basket.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/basket.tmpl
index 4580103..8cf9c5b 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/basket.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/basket.tmpl
@@ -5,7 +5,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <link rel="shortcut icon" href="<!-- TMPL_VAR NAME="themelang" -->/includes/favicon.ico" type="image/x-icon" />
 <meta http-equiv="Content-Language" content="en-us" />
-<style type="text/css"> 
+<style type="text/css">
     @import url(<!-- TMPL_VAR NAME="themelang" -->/css/print.css);
 </style>
     <!-- TMPL_ELSE --><!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
@@ -14,14 +14,14 @@
 	<script type="text/javascript">
 	//<![CDATA[
 
-$(document).ready(function() 
-    { 
+$(document).ready(function()
+    {
         $("#itemst").tablesorter({
                         headers: { 0: { sorter: false }}
-                }); 
-    } 
-); 
-    
+                });
+    }
+);
+
 
 function placeHold () {
     var checkedItems = $("input:checkbox:checked");
@@ -91,9 +91,9 @@ function tagAdded() {
 		var checked = [];
 		$("#bookbag_form").checkCheckboxes("*", true).each(
 		    function() {
-				selRecord(this.value,true); 
+				selRecord(this.value,true);
 			}
-		); 
+		);
 	        return false;
 	    });
 	    $("#CheckNone").click(function(){
@@ -119,7 +119,7 @@ function tagAdded() {
         <!-- /TMPL_IF -->
 	});
 
-   
+
 	//]]>
 	</script>
 	<!-- /TMPL_IF -->
@@ -195,7 +195,7 @@ function tagAdded() {
     <!-- TMPL_LOOP NAME="BIBLIO_RESULTS" -->
     <h3>
         <!-- TMPL_IF NAME="print_basket" -->
-            <!-- TMPL_VAR NAME="title" -->
+            <!-- TMPL_VAR NAME="title" ESCAPE="html" -->
                 <!-- TMPL_IF name="subtitle" --> <!-- TMPL_VAR NAME="subtitle" --><!-- /TMPL_IF -->
                 <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
         <!-- TMPL_ELSE -->
@@ -234,7 +234,7 @@ function tagAdded() {
 	    </td>
         </tr>
         <!-- /TMPL_IF -->
-        
+
         <!-- TMPL_IF NAME="publishercode" -->
             <tr>
                 <th scope="row">Publisher</th>
@@ -254,7 +254,7 @@ function tagAdded() {
             <td> <!-- TMPL_VAR NAME="seriestitle" --></td>
         </tr>
         <!-- /TMPL_IF -->
-        
+
         <!-- TMPL_IF name="MARCSUBJCTS" -->
         <tr>
             <th scope="row">Subject(s)</th>
@@ -265,13 +265,13 @@ function tagAdded() {
                 <!-- /TMPL_LOOP --></td>
         </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="copyrightdate" -->
             <tr><th scope="row">Copyright</th>
                 <td> <!-- TMPL_VAR NAME="copyrightdate" --></td>
             </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="MARCNOTES" -->
         <tr>
             <th scope="row">Notes</th>
@@ -281,7 +281,7 @@ function tagAdded() {
             <!-- /TMPL_LOOP --></td>
         </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="unititle" -->
         <tr>
             <th scope="row">Unified title</th>
@@ -312,20 +312,20 @@ function tagAdded() {
             <td> <!-- TMPL_VAR name="lccn" --></td>
         </tr>
         <!-- /TMPL_IF -->
-		
+
         <!-- TMPL_IF name="MARCURLS" -->
         <tr>
             <th scope="row">URL(s)</th>
             <td>
 	   <!-- TMPL_LOOP name="MARCURLS" -->
 		<p><!-- TMPL_IF NAME="part" --><!-- TMPL_VAR NAME="part" -->
-			<br /><!-- /TMPL_IF --> 
-	
+			<br /><!-- /TMPL_IF -->
+
 		<!-- TMPL_VAR NAME="MARCURL" -->
 			<!-- TMPL_IF NAME="notes" --><!-- TMPL_LOOP NAME="notes" --><!-- TMPL_VAR NAME="note" --><br /><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
             <!-- /TMPL_LOOP --></p></td>
         </tr><!-- /TMPL_IF -->
-		
+
         <tr>
             <th scope="row">Location(s)</th>
             <td><!-- TMPL_IF NAME="ITEM_RESULTS" --><!-- TMPL_LOOP NAME="ITEM_RESULTS" -->
@@ -345,10 +345,10 @@ function tagAdded() {
 <!-- TMPL_UNLESS NAME="print_basket" -->
 <p style="border-top : 1px solid #E8E8E8;">
 	<form action="/cgi-bin/koha/basket/basket.pl" method="get" name="bookbag_form" id="bookbag_form">
-    <a id="CheckAll" href="#">Select All</a> 
+    <a id="CheckAll" href="#">Select All</a>
     <a id="CheckNone" href="#">Clear All</a>
     | <b>Selected items :</b>
-<span id="tag_hides">                
+<span id="tag_hides">
 <a href="#" onclick="delSelRecords(); return false;">Remove</a>
 
 <!-- TMPL_IF NAME="loggedinusername" -->
@@ -386,7 +386,7 @@ function tagAdded() {
             <!-- /TMPL_IF -->
             <!-- TMPL_UNLESS NAME="print_basket" --><td>
                         <input type="checkbox" value="<!-- TMPL_VAR NAME="biblionumber" -->" name="bib<!-- TMPL_VAR NAME="biblionumber" -->" id="bib<!-- TMPL_VAR NAME="biblionumber" -->" onclick="selRecord(value,checked);" />
-                   
+
                 </td> <!-- /TMPL_UNLESS -->
             <td><a href="#" onclick="openBiblio('<!-- TMPL_VAR name="dest" -->',<!-- TMPL_VAR name="biblionumber" -->)">
                         <!-- TMPL_VAR NAME="title" escape="html" -->
@@ -403,7 +403,7 @@ function tagAdded() {
 						    <!-- COinS / OpenURL -->
     <span class="Z3988" title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.au=<!-- TMPL_VAR NAME="author" -->&amp;rft.btitle=<!-- TMPL_VAR NAME="title" ESCAPE="url" -->&amp;rft.date=<!-- TMPL_VAR NAME="publicationyear" -->&amp;rft.tpages=<!-- TMPL_VAR NAME="size" -->&amp;rft.isbn=<!-- TMPL_VAR NAME="isbn"  ESCAPE="url" -->&amp;rft.aucorp=&amp;rft.place=<!-- TMPL_VAR NAME="place" -->&amp;rft.pub=<!-- TMPL_VAR NAME="publisher" ESCAPE="url" -->&amp;rft.edition=<!-- TMPL_VAR NAME="edition" -->&amp;rft.series=<!-- TMPL_VAR NAME="series" -->&amp;rft.genre="></span>
     <div id="newtag<!-- TMPL_VAR NAME="biblionumber">_status" class="tagstatus results_summary" style="display:none">Tag status here.</div>
-    
+
 						</td>
             <td><!-- TMPL_VAR name="description" --></td>
                 <td><!-- TMPL_IF NAME="ITEM_RESULTS" --><!-- TMPL_LOOP NAME="ITEM_RESULTS" -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detailprint.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detailprint.tmpl
index 3eeda65..060bbc6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detailprint.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detailprint.tmpl
@@ -1,5 +1,5 @@
 <!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
-<title>Koha &rsaquo; Catalog &rsaquo; Details for <!-- TMPL_VAR NAME="title" --></title>
+<title>Koha &rsaquo; Catalog &rsaquo; Details for <!-- TMPL_VAR NAME="title" ESCAPE="html" --></title>
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
 <link rel="stylesheet" href="<!-- TMPL_VAR NAME="themelang" -->/css/print.css" />
 </head>
@@ -22,7 +22,7 @@
 			<!-- TMPL_IF name="subject" --><tr><th>Subject: </th><td><!-- TMPL_VAR NAME="subject" --></td></tr><!-- /TMPL_IF -->
 			<!-- TMPL_IF name="copyrightdate" --><tr><th>Copyright Date: </th><td> <!-- TMPL_VAR NAME="copyrightdate" --></td></tr><!-- /TMPL_IF -->
 			<!-- TMPL_IF name="notes" --><tr><th>Notes: </th><td><!-- TMPL_VAR NAME="notes" --></td></tr><!-- /TMPL_IF -->
-			<!-- TMPL_IF name="unititle" --><tr><th>Unititle: </th><td><!-- TMPL_VAR NAME="unititle" --></td></tr><!-- /TMPL_IF --> 
+			<!-- TMPL_IF name="unititle" --><tr><th>Unititle: </th><td><!-- TMPL_VAR NAME="unititle" --></td></tr><!-- /TMPL_IF -->
 			<!-- TMPL_IF name="dewey" --><tr><th>Dewey: </th><td><!-- TMPL_VAR name="dewey" --></td></tr><!-- /TMPL_IF -->
 			<!-- TMPL_IF name="classification" --><tr><th>Classification: </th><td> <!-- TMPL_VAR name="classification" --></td></tr><!-- /TMPL_IF -->
 			<!-- TMPL_IF name="lccn" --><tr><th>LCCN: </th><td><!-- TMPL_VAR name="lccn" --></td></tr><!-- /TMPL_IF -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tmpl
index 5c9fd57..2d97d5d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tmpl
@@ -1,5 +1,5 @@
 <!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
-<title>Koha &rsaquo; Catalog &rsaquo; Checkout History for <!-- TMPL_VAR NAME="title" --></title>
+<title>Koha &rsaquo; Catalog &rsaquo; Checkout History for <!-- TMPL_VAR NAME="title" ESCAPE="html" --></title>
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
 </head>
 <body>
@@ -10,7 +10,7 @@
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/catalogue/search.pl">Catalog</a>  &rsaquo; Checkout History for <i><!-- TMPL_VAR NAME="title" escape="html" --></i></div>
 
 <div id="doc3" class="yui-t2">
-   
+
    <div id="bd">
 	<div id="yui-main">
 	<div class="yui-b">
@@ -78,7 +78,7 @@
     <!-- TMPL_ELSE -->
         <p>
         <b><!-- TMPL_VAR NAME="title" escape="html" -->(<!-- TMPL_VAR NAME="author" -->)</b> <span class="problem">has never been checked out.</span></p>
-        
+
     <!-- /TMPL_IF -->
 </div>
 
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tmpl
index 4b88ecc..72c9b0b 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/moredetail.tmpl
@@ -11,7 +11,7 @@
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/catalogue/search.pl">Catalog</a>  &rsaquo; Item Details for <i><!-- TMPL_LOOP NAME="BIBITEM_DATA" --><!-- TMPL_VAR NAME="title" escape="html" --><!-- /TMPL_LOOP --></i></div>
 
 <div id="doc3" class="yui-t2">
-   
+
    <div id="bd">
     <div id="yui-main">
     <div class="yui-b">
@@ -48,18 +48,18 @@
 	    <!-- TMPL_IF NAME="item-level_itypes" -->
             <li><span class="label">Item type:</span> <!-- TMPL_VAR NAME="itype" -->&nbsp;</li>
 	    <!-- /TMPL_IF -->
-            <!-- TMPL_IF NAME="collection" --><li><span class="label">Collection:</span> <!-- TMPL_VAR NAME="collection" --></li> <!-- /TMPL_IF -->  
+            <!-- TMPL_IF NAME="collection" --><li><span class="label">Collection:</span> <!-- TMPL_VAR NAME="collection" --></li> <!-- /TMPL_IF -->
             <li><span class="label">Item Callnumber:</span> <!-- TMPL_VAR NAME="itemcallnumber" -->&nbsp;</li>
-            <!-- TMPL_IF NAME="copyvol" --><li><span class="label">Copy / Vol :</span> <!-- TMPL_VAR NAME="copyvol" -->&nbsp;</li> <!-- /TMPL_IF -->  
+            <!-- TMPL_IF NAME="copyvol" --><li><span class="label">Copy / Vol :</span> <!-- TMPL_VAR NAME="copyvol" -->&nbsp;</li> <!-- /TMPL_IF -->
             <!-- TMPL_IF NAME="replacementprice" --><li><span class="label">Replacement Price:</span> <!-- TMPL_VAR NAME="replacementprice" -->&nbsp;</li> <!-- /TMPL_IF -->
             </ol></div>
-           <div class="listgroup"><h4>Statuses <!-- TMPL_IF NAME="status_advisory" -->( 
+           <div class="listgroup"><h4>Statuses <!-- TMPL_IF NAME="status_advisory" -->(
                 <!-- TMPL_IF name="notforloantext" --><!-- TMPL_VAR name="notforloantext" --> <!-- /TMPL_IF -->
-                <!-- TMPL_IF name="itemlost"-->Lost<!-- /TMPL_IF --> 
+                <!-- TMPL_IF name="itemlost"-->Lost<!-- /TMPL_IF -->
                 <!-- TMPL_IF NAME="damaged" -->Damaged<!-- /TMPL_IF -->
                 <!-- TMPL_IF NAME="wthdrawn" -->Withdrawn<!-- /TMPL_IF -->
             )<!-- /TMPL_IF --></h4>
-            
+
             <ol class="bibliodetails">
             <li><span class="label">Current Location:</span> <!-- TMPL_VAR NAME="holdingbranchname" -->&nbsp;</li>
             <li><span class="label">Checkout Status:</span> <!-- TMPL_IF NAME="issue" -->Checked out to <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="cardnumber" --></a>, Due back on <!-- TMPL_VAR NAME="datedue" --><!-- TMPL_ELSE -->Not Checked out <!-- /TMPL_IF --></li>
@@ -141,13 +141,13 @@
 
                 <li><span class="label">
                 <!-- TMPL_IF NAME="CAN_user_editcatalogue_edit_catalogue" -->
-                
-                    Accession Date:</span> 
+
+                    Accession Date:</span>
                     <!-- TMPL_IF NAME="basketno" -->
                     <a href="/cgi-bin/koha/acqui/basket.pl?basketno=<!-- TMPL_VAR NAME="basketno" -->"><!-- TMPL_VAR NAME="dateaccessioned" --></a>
                     <!-- TMPL_ELSE -->
                     <!-- TMPL_VAR NAME="dateaccessioned" -->
-                    <!-- /TMPL_IF --> 
+                    <!-- /TMPL_IF -->
                 <!-- TMPL_ELSE -->
                     <!-- TMPL_VAR NAME="dateaccessioned" -->
                 <!-- /TMPL_IF --> </li>
@@ -166,7 +166,7 @@
                 <!-- TMPL_IF NAME="CAN_user_circulate" -->
               <form class="inline" action="updateitem.pl" method="post"><input type="hidden" name="biblionumber" value="<!-- TMPL_VAR Name="biblionumber" -->" />
                     <input type="hidden" name="biblioitemnumber" value="<!-- TMPL_VAR Name="biblioitemnumber" -->" /><input type="hidden" name="itemnumber" value="<!-- TMPL_VAR Name="itemnumber" -->" />
-                    <textarea name="itemnotes" rows="2" cols="30"><!-- TMPL_VAR NAME="itemnotes" --></textarea><input type="submit" name="submit" class="submit" value="Update" /> 
+                    <textarea name="itemnotes" rows="2" cols="30"><!-- TMPL_VAR NAME="itemnotes" --></textarea><input type="submit" name="submit" class="submit" value="Update" />
               </form>
             </li>
             </ol>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tmpl
index ff09a92..2c217b3 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tmpl
@@ -15,12 +15,12 @@
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; Cataloging</div>
 
 <div id="doc" class="yui-t7">
-   
+
    <div id="bd">
 	<div id="yui-main">
-	
+
 <!-- TMPL_INCLUDE NAME="cataloging-toolbar.inc" -->
-	
+
 	<!-- TMPL_IF name="noitemsfound" -->
 		No results found
 	<!-- /TMPL_IF -->
@@ -48,7 +48,7 @@
         <!-- /TMPL_IF -->
             <td>
                 <p>
-                    <a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a>
+                    <a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a>
                 <!--TMPL_LOOP Name="subtitle"--><!-- TMPL_VAR NAME="subfield" --><!--/TMPL_LOOP--></p>
                 <!-- TMPL_IF name="summary" -->
                     <p><!-- TMPL_VAR name="summary" --></p>
@@ -101,7 +101,7 @@
                 <td><!-- TMPL_IF NAME="CAN_user_editcatalogue_edit_catalogue"--><a href="/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->">Edit biblio</a>
 					<!-- TMPL_ELSE --><a href="/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->" class="disabled" onclick="return false;">Edit biblio</a>
 					<!-- /TMPL_IF -->
-                    
+
                 </td>
                 <td>
                     <a href="/cgi-bin/koha/cataloguing/additem.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->">Add holdings</a>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/branchoverdues.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/branchoverdues.tmpl
index 3299030..072a87f 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/branchoverdues.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/branchoverdues.tmpl
@@ -9,7 +9,7 @@
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/circ/circulation-home.pl">Circulation</a> &rsaquo; Overdues at <!-- TMPL_VAR NAME="LoginBranchname" --></div>
 
 <div id="doc" class="yui-t7">
-   
+
    <div id="bd">
 	<div id="yui-main">
 	<div class="yui-g">
@@ -42,7 +42,7 @@
 <!-- /TMPL_IF -->
     <!-- TMPL_IF name="overduesloop" -->
         <table style="width:100%;">
-        <tr>	
+        <tr>
             <th>Date due</th>
             <th>Title</th>
             <th>Patron</th>
@@ -67,7 +67,7 @@
                     </td>
                     <td>
                         <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!--TMPL_VAR Name="borrowernumber"-->"><!-- TMPL_VAR NAME="borrowersurname" --> &nbsp; <!-- TMPL_VAR NAME="borrowerfirstname" --></a><br /><!-- TMPL_VAR NAME="borrowerphone" --><br />
-                    <!-- TMPL_IF NAME="borroweremail" --><a href="mailto:<!-- TMPL_VAR NAME="borroweremail" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" -->">
+                    <!-- TMPL_IF NAME="borroweremail" --><a href="mailto:<!-- TMPL_VAR NAME="borroweremail" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" ESCAPE="html" -->">
                     <!-- TMPL_VAR NAME="borroweremail" --></a><!--/TMPL_IF-->
                     </td>
                     <td><!-- TMPL_VAR NAME="homebranch" --> <!-- TMPL_VAR NAME="itemcallnumber" -->
@@ -99,16 +99,16 @@
                             <a href="branchoverdues.pl?action=add&amp;borrowernumber=<!-- TMPL_VAR NAME="borrowernumber"-->&amp;itemnumber=<!-- TMPL_VAR NAME="itemnumber" -->&amp;method=letter&amp;location=<!-- TMPL_VAR NAME="location" -->&amp;overduelevel=<!-- TMPL_VAR NAME="overdueLevel" -->
                             &amp;notifyId=<!-- TMPL_VAR NAME="notify_id" -->">Notice</a>
                     <!-- /TMPL_IF -->
-                    
+
                     <!-- TMPL_IF NAME="overdue2" -->
                         <a href="branchoverdues.pl?action=add&amp;borrowernumber=<!-- TMPL_VAR NAME="borrowernumber"-->&amp;itemnumber=<!-- TMPL_VAR NAME="itemnumber" -->&amp;method=letter&amp;location=<!-- TMPL_VAR NAME="location" -->&amp;overduelevel=<!-- TMPL_VAR NAME="overdueLevel" -->&amp;notifyId=<!-- TMPL_VAR NAME="notify_id" -->">Notice</a>
                     <!-- /TMPL_IF -->
-                    
+
                     <!-- TMPL_IF NAME="overdue3" -->
                     <a href="branchoverdues.pl?action=add&amp;borrowernumber=<!-- TMPL_VAR NAME="borrowernumber"-->&amp;itemnumber=<!-- TMPL_VAR NAME="itemnumber" -->&amp;method=lost&amp;location=<!-- TMPL_VAR NAME="location" -->&amp;overduelevel=<!-- TMPL_VAR NAME="overdueLevel" -->
                     &amp;notifyId=<!-- TMPL_VAR NAME="notify_id" -->">Considered lost</a>
                     <!-- /TMPL_IF -->
-                    
+
                     </td>
                 </tr>
             <!-- /TMPL_LOOP -->
@@ -127,7 +127,7 @@
                 <th>Location</th>
                 <th>Overdue status</th>
                 <th>Notified by</th>
-                <th>Cancel</th>			
+                <th>Cancel</th>
             </tr>
                 <!-- TMPL_LOOP NAME="todayoverduesloop" -->
                     <tr>
@@ -145,7 +145,7 @@
                         </td>
                         <td>
                             <p><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!--TMPL_VAR Name="borrowernumber"-->"><!-- TMPL_VAR NAME="borrowersurname" --> &nbsp; <!-- TMPL_VAR NAME="borrowerfirstname" --></a><br /><!-- TMPL_VAR NAME="borrowerphone" --><br />
-                        <!-- TMPL_IF NAME="borroweremail" --><a href="mailto:<!-- TMPL_VAR NAME="borroweremail" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" -->">
+                        <!-- TMPL_IF NAME="borroweremail" --><a href="mailto:<!-- TMPL_VAR NAME="borroweremail" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" ESCAPE="html" -->">
                         <!-- TMPL_VAR NAME="borroweremail" --></a><!--/TMPL_IF-->
                             </p>
                         </td>
@@ -167,7 +167,7 @@
                         <td align="center">
                             <b><!-- TMPL_VAR NAME="notify_method" --></b>
                         </td>
-                    
+
                         <td>
                         <a href="branchoverdues.pl?action=remove&amp;borrowernumber=<!-- TMPL_VAR NAME="borrowernumber"-->&amp;itemnumber=<!-- TMPL_VAR NAME="itemnumber" -->&amp;method=phone&amp;location=<!-- TMPL_VAR NAME="location" -->&amp;notify_date=<!-- TMPL_VAR NAME="notify_date" -->">Cancel notification</a>
                         </td>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/overdue.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/overdue.tmpl
index c643760..1d0afa3 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/overdue.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/overdue.tmpl
@@ -95,9 +95,9 @@
 
 <p>
     <!-- TMPL_IF NAME="isfiltered" -->
-      <a href="overdue.pl?op=csv&amp;<!-- TMPL_VAR name="csv_param_string" escape="HTML" -->">Download file of displayed overdues</a> 
+      <a href="overdue.pl?op=csv&amp;<!-- TMPL_VAR name="csv_param_string" escape="HTML" -->">Download file of displayed overdues</a>
     <!-- TMPL_ELSE -->
-      <a href="overdue.pl?op=csv">Download file of all overdues</a> 
+      <a href="overdue.pl?op=csv">Download file of all overdues</a>
     <!-- /TMPL_IF -->
 </p>
 <div class="sql"><pre><!-- TMPL_VAR NAME="sql" ESCAPE="HTML" --></pre></div>
@@ -116,15 +116,15 @@
     <tr>
         <td><!-- TMPL_VAR NAME="duedate" --></td>
         <td><a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR name="borrowernumber"-->"><!-- TMPL_VAR NAME="name" --></a>
-        <!-- TMPL_IF NAME="email" -->[<a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" -->">email</a>]<!-- /TMPL_IF -->
+        <!-- TMPL_IF NAME="email" -->[<a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Overdue: <!-- TMPL_VAR NAME="title" ESCAPE="html" -->">email</a>]<!-- /TMPL_IF -->
         (<!--TMPL_IF NAME="phone" --><!-- TMPL_VAR NAME="phone" --><!-- TMPL_ELSIF NAME="mobile" --><!-- TMPL_VAR NAME="mobile" --><!-- TMPL_ELSIF NAME="phonepro" --><!-- TMPL_VAR NAME="phonepro" --><!-- /TMPL_IF -->)</td>
         <td><!-- TMPL_VAR name="branchcode" --></td>
         <td><!-- TMPL_IF name="BiblioDefaultViewmarc" -->
-<a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" escape="html" --></a>
+<a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" escape="html" --></a>
 <!-- TMPL_ELSIF NAME="BiblioDefaultViewisbd" -->
-<a href="/cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" escape="html" --></a>
+<a href="/cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" escape="html" --></a>
 <!-- TMPL_ELSE -->
-<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" escape="html" -->  <!-- TMPL_VAR NAME="subtitle" --></a><!-- /TMPL_IF --> <!-- TMPL_IF NAME="author" -->, by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
+<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" ESCAPE="URL" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" escape="html" -->  <!-- TMPL_VAR NAME="subtitle" --></a><!-- /TMPL_IF --> <!-- TMPL_IF NAME="author" -->, by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
         </td>
 		<td><a href="/cgi-bin/koha/catalogue/moredetail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->&amp;itemnumber=<!-- TMPL_VAR NAME="itemnum" -->#item<!-- TMPL_VAR NAME="itemnum" -->"><!-- TMPL_VAR name="barcode" --></a></td>
 		<td><!-- TMPL_VAR name="itemcallnumber" --></td>
@@ -229,7 +229,7 @@
 	<!-- /TMPL_LOOP -->
 </select></li>
 
-<li class="radio"><label for="showall">Show any items currently issued:</label> 
+<li class="radio"><label for="showall">Show any items currently issued:</label>
 	<!-- TMPL_IF NAME="showall" -->
             <input type="checkbox" id="showall" name="showall" value="show" checked="checked" />
     <!-- TMPL_ELSE -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/transferstoreceive.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/transferstoreceive.tmpl
index 6b036af..8ee68eb 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/transferstoreceive.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/transferstoreceive.tmpl
@@ -5,19 +5,19 @@
 <script type="text/javascript" language="JavaScript">
 //<![CDATA[
 $.tablesorter.addParser({
-    id: 'articles', 
-    is: function(s) {return false;  }, 
-    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); }, 
-    type: 'text' 
+    id: 'articles',
+    is: function(s) {return false;  },
+    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); },
+    type: 'text'
 });
 $(document).ready(function() {
     <!-- TMPL_LOOP NAME="branchesloop" -->
-    $.tablesorter.defaults.widgets = ['zebra']; 
+    $.tablesorter.defaults.widgets = ['zebra'];
     $("#transferst<!-- TMPL_VAR NAME="branchcode" -->").tablesorter({<!-- TMPL_IF ="dateformat_metric" -->
         dateFormat: 'uk',<!-- /TMPL_IF -->
         sortList: [[1,0]],
         headers: { 1: { sorter: 'articles' },4:{sorter:false}}
-    }); 
+    });
     <!-- /TMPL_LOOP -->
 });
 //]]>
@@ -30,7 +30,7 @@ $(document).ready(function() {
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/circ/circulation-home.pl">Circulation</a>  &rsaquo; Transfers to your library</div>
 
 <div id="doc" class="yui-t7">
-   
+
    <div id="bd">
 	<div id="yui-main">
 	<div class="yui-g">
@@ -73,7 +73,7 @@ $(document).ready(function() {
                         </a>
                         <br /><!-- TMPL_VAR NAME="borrowerphone" --><br />
                             <!-- TMPL_IF NAME="borrowermail" -->
-                                <a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Reservation: <!-- TMPL_VAR NAME="title" -->">
+                                <a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Reservation: <!-- TMPL_VAR NAME="title" ESCAPE="html" -->">
                                     <!-- TMPL_VAR NAME="borrowermail" -->
                                 </a>
                             <!--/TMPL_IF-->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/waitingreserves.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/waitingreserves.tmpl
index 0b42a14..5f6d29a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/waitingreserves.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/waitingreserves.tmpl
@@ -5,10 +5,10 @@
 <script type="text/javascript" language="JavaScript">
 //<![CDATA[
 $.tablesorter.addParser({
-    id: 'articles', 
-    is: function(s) {return false;  }, 
-    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); }, 
-    type: 'text' 
+    id: 'articles',
+    is: function(s) {return false;  },
+    format: function(s) { return s.toLowerCase().replace(/^(the|an|a) /,''); },
+    type: 'text'
 });
 	 $(document).ready(function() {
 	 	$("th a").hide();
@@ -17,7 +17,7 @@ $.tablesorter.addParser({
 		dateFormat: 'uk',<!-- /TMPL_IF -->
 			sortList: [[3,0]],
 			headers: { 1:{sorter:'articles'},3: { sorter: 'articles' },4:{sorter:false}}
-		}); 
+		});
  	 });
 //]]>
 </script>
@@ -32,7 +32,7 @@ $.tablesorter.addParser({
 </div>
 
 <div id="doc" class="yui-t7">
-   
+
    <div id="bd">
 	<div id="yui-main">
 	<div class="yui-g">
@@ -90,7 +90,7 @@ $.tablesorter.addParser({
                     </td>
                     <td>
                         <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!--TMPL_VAR Name="borrowernum"-->"><!-- TMPL_VAR NAME="borrowername" -->, <!-- TMPL_VAR NAME="borrowerfirstname" --></a><br /><!-- TMPL_VAR NAME="borrowerphone" --><br />
-                        <!-- TMPL_IF NAME="borrowermail" --><a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Reservation: <!-- TMPL_VAR NAME="title" -->">
+                        <!-- TMPL_IF NAME="borrowermail" --><a href="mailto:<!-- TMPL_VAR NAME="email" -->?subject=Reservation: <!-- TMPL_VAR NAME="title" ESCAPE="url" -->">
         <!-- TMPL_VAR NAME="borrowermail" --></a><!--/TMPL_IF-->
                     </td>
                     <td><!-- TMPL_VAR NAME="homebranch" --> <!-- TMPL_VAR NAME="itemcallnumber" --></td>
@@ -101,7 +101,7 @@ $.tablesorter.addParser({
                             <input type="hidden" name="fbr" value="<!-- TMPL_VAR NAME="holdingbranch" -->" />
                             <input type="hidden" name="tbr" value="<!-- TMPL_VAR NAME="homebranch" -->" />
                             <!-- TMPL_IF NAME="dotransfer" -->
-                            <input type="submit" value="Cancel hold and return to : <!-- TMPL_VAR NAME="homebranch" -->" /> 
+                            <input type="submit" value="Cancel hold and return to : <!-- TMPL_VAR NAME="homebranch" -->" />
                             <!-- TMPL_ELSE -->
                             <input type="submit" value="Cancel hold" />
                             <!-- /TMPL_IF -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/result.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/result.tmpl
index 19db05c..1168102 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/labels/result.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/labels/result.tmpl
@@ -86,7 +86,7 @@
 	        <table id="label-search-results" frame="border" border="2">
 		    <tr>
 		        <td colspan="5">
-		            <label style="font-weight:bold;"><!-- TMPL_VAR NAME="title" --></label>
+		            <label style="font-weight:bold;"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></label>
                             by <!-- TMPL_VAR NAME="author" --><br />
                             [<!-- TMPL_VAR NAME="itemtype" -->], <!-- TMPL_IF name="publishercode" --><!-- TMPL_VAR name="publishercode" --> <!-- /TMPL_IF --><!-- TMPL_IF name="place" --><!-- TMPL_VAR name="place" --> <!-- /TMPL_IF --><!-- TMPL_IF name="copyrightdate" --><!-- TMPL_VAR name="copyrightdate" -->, <!-- /TMPL_IF --><!-- TMPL_IF name="pages" --><!-- TMPL_VAR name="pages" --><!-- /TMPL_IF --><!-- TMPL_IF name="isbn" -->, <b>ISBN: </b><!-- TMPL_VAR name="isbn" --><!-- /TMPL_IF --><!-- TMPL_IF name="notes" -->,<br /><!-- TMPL_VAR name="notes" --><!-- /TMPL_IF -->
 			</td>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/process_koc.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/process_koc.tmpl
index d4d2d57..960052c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/process_koc.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/process_koc.tmpl
@@ -41,7 +41,7 @@ function CheckForm(f) {
 <div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/circ/circulation-home.pl">Circulation</a> &rsaquo; <!-- TMPL_IF NAME="transactions_loaded" --> <a href="/cgi-bin/koha/offline_circ/process_koc.pl">Offline Circulation File Upload</a> &rsaquo; Results<!-- TMPL_ELSE --> Offline Circulation File Upload<!-- /TMPL_IF --></div>
 
 <div id="doc" class="yui-t7">
-   
+
    <div id="bd">
 
 <!-- TMPL_IF NAME="transactions_loaded" -->
@@ -54,9 +54,9 @@ function CheckForm(f) {
 	</div>
 	<!-- /TMPL_IF -->
 	<!-- TMPL_IF NAME="ERROR_no_borrower_from_item" --><p>Warning: Unable to determine patron from item barcode (<!-- TMPL_VAR NAME="badbarcode" -->). Cannot check in.</p><!-- /TMPL_IF -->
-	<!-- TMPL_IF NAME="issue" --><p>Checked out <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a> (<!-- TMPL_VAR NAME="barcode" -->) to <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
-	<!-- TMPL_IF NAME="renew" --><p>Renewed <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a>  (<!-- TMPL_VAR NAME="barcode" -->) for <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
-	<!-- TMPL_IF NAME="return" --><p>Checked in <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a> (<!-- TMPL_VAR NAME="barcode" -->) from <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
+	<!-- TMPL_IF NAME="issue" --><p>Checked out <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a> (<!-- TMPL_VAR NAME="barcode" -->) to <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
+	<!-- TMPL_IF NAME="renew" --><p>Renewed <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a>  (<!-- TMPL_VAR NAME="barcode" -->) for <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
+	<!-- TMPL_IF NAME="return" --><p>Checked in <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a> (<!-- TMPL_VAR NAME="barcode" -->) from <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
 	<!-- TMPL_IF NAME="payment" --><p>Accepted payment (<!-- TMPL_VAR NAME="amount" -->) from <a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" --></a> (<!-- TMPL_VAR NAME="cardnumber" -->): <!-- TMPL_VAR NAME="datetime" --></p><!-- /TMPL_IF -->
   <!-- /TMPL_LOOP -->
 <!-- TMPL_ELSE -->
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/serials_stats.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/serials_stats.tmpl
index 3888d2e..d8bb17b 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/serials_stats.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/serials_stats.tmpl
@@ -7,7 +7,7 @@
 <script type="text/javascript" src="<!-- TMPL_VAR name="themelang" -->/lib/jquery/plugins/jquery.tablesorter.min.js"></script>
 <script type="text/JavaScript" language="JavaScript">
 	//<![CDATA[
-    	$(document).ready(function() { 
+		$(document).ready(function() {
     		$("#resulttable").tablesorter({
     				widgets : ['zebra']
     			});
@@ -44,7 +44,7 @@
 			<tr>
 				<!-- TMPL_LOOP NAME="datas" -->
 					<td><!-- TMPL_VAR NAME="name" --></td>
-					<td><!-- TMPL_VAR NAME="title" --></td>
+					<td><!-- TMPL_VAR NAME="title" ESCAPE="html" --></td>
 					<td><!-- TMPL_VAR NAME="subscriptionid" --></td>
 					<td><!-- TMPL_VAR NAME="branchcode" --></td>
 					<td><!-- TMPL_VAR NAME="callnumber" --></td>
@@ -58,44 +58,44 @@
 
 <!-- TMPL_ELSE -->
 	<form method="post" action="/cgi-bin/koha/reports/serials_stats.pl">
-	
+
 	<fieldset class="rows">
 		<ol>
 			<li>
-				
+
 				<label for="bookseller">
 					Vendor:
 			    </label>
 				<select name="bookseller" id="bookseller">
 					<option value="">Any Vendor</option>
     				<!--TMPL_LOOP Name="booksellers"-->
-        				<option value="<!--TMPL_VAR Name="aqbooksellerid"-->"><!--TMPL_VAR Name="name"--></option>  
-     				<!--/TMPL_LOOP --> 
+						<option value="<!--TMPL_VAR Name="aqbooksellerid"-->"><!--TMPL_VAR Name="name"--></option>
+					<!--/TMPL_LOOP -->
 			    </select>
 			</li><li>
 		    	<label for="branch">
-					Branch: 
+					Branch:
 		    	</label>
 		    	<select name="branchcode"  id="branchcode">
 		    		<option value="">Any Branch</option>
     				<!--TMPL_LOOP Name="branches"-->
-        				<option value="<!--TMPL_VAR Name="branchcode"-->"><!--TMPL_VAR Name="branchname"--></option>  
-     				<!--/TMPL_LOOP --> 		    	
+						<option value="<!--TMPL_VAR Name="branchcode"-->"><!--TMPL_VAR Name="branchname"--></option>
+					<!--/TMPL_LOOP -->
 		    	</select>
-		    	
+
 		    </li>
 		    <li>
 		    	<label for="expired">Include expired subscriptions: </label>
 		    	<input type="checkbox" name="expired" />
 		    </li>
-		</ol>	
+		</ol>
 	</fieldset>
-	
+
 
 	<fieldset class="rows">
 	<legend>Output</legend>
 <ol><li><label for="outputscreen">To screen into the browser: </label><input type="radio" checked="checked" name="output" id="outputscreen" value="screen" /> </li>
-<li><label for="outputfile">To a file:</label> 		<input type="radio" name="output" value="file" id="outputfile" /> <label class="inline" for="basename">Named: </label><input type="text" name="basename" id="basename" value="Export" /> 
+<li><label for="outputfile">To a file:</label> 		<input type="radio" name="output" value="file" id="outputfile" /> <label class="inline" for="basename">Named: </label><input type="text" name="basename" id="basename" value="Export" />
 		<label class="inline" for="MIME">Into an application</label><!-- TMPL_VAR NAME="CGIextChoice" -->
 		<!-- TMPL_VAR NAME="CGIsepChoice" --></li></ol>
 	</fieldset>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tmpl
index 9fd20c4..37ac89b 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tmpl
@@ -447,7 +447,7 @@ function checkMultiHold() {
         <!-- /TMPL_IF -->
           <td>
             <ul>
-              <li><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a></li>
+              <li><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a></li>
               <!-- TMPL_IF NAME="publicationyear" -->
                 <li><span class="label">Publication year:</span> <!-- TMPL_VAR NAME="publicationyear" --></li>
               <!-- /TMPL_IF -->
@@ -526,7 +526,7 @@ function checkMultiHold() {
     <!-- TMPL_IF NAME="reserveloop" -->
     <table>
       <!-- TMPL_IF NAME="multi_hold" -->
-          <caption><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a></caption>
+          <caption><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a></caption>
       <!-- /TMPL_IF -->
       <tr>
         <th>Priority</th>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/rotating_collections/addItems.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/rotating_collections/addItems.tmpl
index c70c94a..2cfa8b6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/rotating_collections/addItems.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/rotating_collections/addItems.tmpl
@@ -50,7 +50,7 @@
           </tr>
 
           <input type="hidden" id="colId" name="colId" value="<!-- TMPL_VAR NAME="colId" -->" />
-          <input type="hidden" name="action" value="addItem" /> 
+          <input type="hidden" name="action" value="addItem" />
           <tr><td align="right" colspan="99"><input type="submit" value="Submit" /></td></tr>
         </table>
         </form>
@@ -67,7 +67,7 @@
             </tr>
             <!-- TMPL_LOOP NAME="collectionItemsLoop" -->
               <tr>
-                <td><!-- TMPL_VAR NAME="title" --></td>
+                <td><!-- TMPL_VAR NAME="title" ESCAPE="html" --></td>
                 <td><!-- TMPL_VAR NAME="itemcallnumber" --></td>
                 <td><!-- TMPL_VAR NAME="barcode" --></td>
               </tr>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tmpl
index 0e23cfb..5efdfb5 100755
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion/suggestion.tmpl
@@ -99,7 +99,7 @@ h4.collapse a { font-size : 80%; text-decoration: none; } fieldset.brief ol { di
         <h1>Enter a new purchase suggestion</h1>
     <!--/TMPL_IF-->
     <fieldset class="rows"> <legend>Bibliographic information</legend><ol>
-        <li><label for="title">Title:</label><input type="text" id="title" name="title" size="50" maxlength="80" value="<!--TMPL_VAR Name="title"-->"/></li>
+        <li><label for="title">Title:</label><input type="text" id="title" name="title" size="50" maxlength="80" value="<!--TMPL_VAR Name="title" ESCAPE="html"-->"/></li>
         <li><label for="author">Author:</label><input type="text" id="author" name="author" size="50" maxlength="80" value="<!--TMPL_VAR Name="author"-->"/></li>
         <li><label for="copyrightdate">Copyright date:</label><input type="text" id="copyrightdate" name="copyrightdate" size="4" maxlength="4" value="<!--TMPL_VAR Name="copyrightdate"-->" /></li>
         <li><label for="isbn">ISBN or ISSN or other standard number:</label><input type="text" id="isbn" name="isbn" size="50" maxlength="80" value="<!--TMPL_VAR Name="isbn"-->"/></li>
@@ -210,7 +210,7 @@ h4.collapse a { font-size : 80%; text-decoration: none; } fieldset.brief ol { di
                 </td>
                 <td>
                     <a href="suggestion.pl?suggestionid=<!-- TMPL_VAR NAME="suggestionid" -->&amp;op=edit" title="suggestion" >
-                        <!-- TMPL_VAR NAME="title" --><!-- TMPL_IF NAME="author" -->, by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
+                        <!-- TMPL_VAR NAME="title" ESCAPE="html" --><!-- TMPL_IF NAME="author" -->, by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
                     </a>
                     <br />
                     <!-- TMPL_IF name="copyrightdate" -->&copy; <!-- TMPL_VAR name="copyrightdate" --> <!-- /TMPL_IF -->
@@ -289,7 +289,7 @@ h4.collapse a { font-size : 80%; text-decoration: none; } fieldset.brief ol { di
                 <div style="display:block;" id="limits">
 
 				<fieldset class="brief"><h4 class="collapse"><a href="#">Bibliographic information</a></h4>
-                   <ol> <li><label for="title"> Title:</label><input type="text" id="title" name="title" value="<!-- TMPL_VAR name="title"-->" /></li>
+                   <ol> <li><label for="title"> Title:</label><input type="text" id="title" name="title" value="<!-- TMPL_VAR name="title" ESCAPE="html"-->" /></li>
                     <li><label for="author"> Author:</label><input type="text" id="author" name="author" value="<!-- TMPL_VAR name="author"-->" /></li>
                     <li><label for="isbn"> ISBN:</label><input type="text" id="isbn"  name="isbn" value="<!-- TMPL_VAR name="isbn"-->" /></li>
                     <li><label for="publishercode"> Publisher:</label><input type="text" id="publishercode" name="publishercode" value="<!-- TMPL_VAR name="publishercode"-->" /></li>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/addbybiblionumber.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/addbybiblionumber.tmpl
index 5d2c44e..eed4e25 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/addbybiblionumber.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/addbybiblionumber.tmpl
@@ -2,7 +2,7 @@
 <title>Koha &rsaquo; Add to List</title>
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
 <style type="text/css">
-   #custom-doc { width:34.62em;*width:33.78em;min-width:450px; margin:auto; margin-top: .4em;text-align:left; } 
+   #custom-doc { width:34.62em;*width:33.78em;min-width:450px; margin:auto; margin-top: .4em;text-align:left; }
    </style>
 </head>
 <body>
@@ -16,7 +16,7 @@
                 <!-- /TMPL_IF -->
 		<ul>
 		    <!-- TMPL_LOOP NAME="biblios"-->
-			<li> <span class="title"><!-- TMPL_VAR NAME="title"--></span>
+			<li> <span class="title"><!-- TMPL_VAR NAME="title" ESCAPE="html"--></span>
 			    <!-- TMPL_IF NAME="author"--><span class="author"> <!-- TMPL_VAR NAME="author"--> </span><!-- /TMPL_IF -->
 			</li>
 		    <!-- /TMPL_LOOP -->
@@ -69,7 +69,7 @@
 		<option value="3">Open</option>
 	    </select>
 	</li></ol>
-    </fieldset> 
+    </fieldset>
 
 
 <!-- /TMPL_UNLESS -->
@@ -80,7 +80,7 @@
 			<input type="submit" value="Save" class="submit" /> <a class="close cancel" href="#">Cancel</a>
 		    </fieldset>
 		</form>
-<!-- /SAVE -->            
+<!-- /SAVE -->
 
 </div>
 
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-account.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-account.tmpl
index 7082eec..0b7f220 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-account.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-account.tmpl
@@ -13,7 +13,7 @@
     <!-- TMPL_LOOP NAME="BORROWER_INFO" -->
         <h3><a href="/cgi-bin/koha/opac-user.pl"><!-- TMPL_VAR NAME="firstname" --> <!-- TMPL_VAR NAME="surname" -->'s account</a> <img src="<!-- TMPL_VAR NAME="themelang" -->../../images/caret.gif" width="16" height="16" alt="&gt;" border="0" /> Fines and Charges</h3>
     <!-- /TMPL_LOOP -->
-    
+
     <!-- TMPL_IF NAME="ACCOUNT_LINES" -->
         <table>
             <thead>
@@ -24,14 +24,14 @@
                     <th>Amount Outstanding</th>
                 </tr>
             </thead>
-            
+
             <tfoot>
             <tr>
                 <th class="sum" colspan="3">Total Due</th>
                 <td class="sum"><!-- TMPL_VAR NAME="total" --></td>
             </tr>
             </tfoot>
-            
+
             <tbody>
                 <!-- TMPL_LOOP NAME="ACCOUNT_LINES" -->
                     <!-- TMPL_IF NAME="odd" --><tr class="highlight"><!-- TMPL_ELSE --><tr><!-- /TMPL_IF -->
@@ -43,7 +43,7 @@
                     </tr>
                 <!-- /TMPL_LOOP -->
             </tbody>
-        
+
         </table>
     <!-- TMPL_ELSE -->
         <h4>You have no Fines or Charges</h4>
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
index f1b1a39..d39baa8 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-basket.tmpl
@@ -4,7 +4,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <link rel="shortcut icon" href="<!-- TMPL_VAR NAME="themelang" -->/includes/favicon.ico" type="image/x-icon" />
 <meta http-equiv="Content-Language" content="en-us" />
-<style type="text/css"> 
+<style type="text/css">
     @import url(<!-- TMPL_VAR NAME="themelang" -->/css/print.css);
 </style>
     <!-- TMPL_ELSE --><!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
@@ -13,14 +13,14 @@
 	<script type="text/javascript">
 	//<![CDATA[
 
-$(document).ready(function() 
-    { 
+$(document).ready(function()
+    {
         $("#itemst").tablesorter({
                         headers: { 0: { sorter: false }}
-                }); 
-    } 
-); 
-    
+                });
+    }
+);
+
 
 var MSG_NO_TAG_SPECIFIED = _("No tag was specified.");
 
@@ -73,9 +73,9 @@ function tagAdded() {
 		var checked = [];
 		$("#bookbag_form").checkCheckboxes("*", true).each(
 		    function() {
-				selRecord(this.value,true); 
+				selRecord(this.value,true);
 			}
-		); 
+		);
 	        return false;
 	    });
 	    $("#CheckNone").click(function(){
@@ -91,7 +91,7 @@ function tagAdded() {
         $(".holdsep").text("| ");
         $(".hold").text(_("Place Hold"));
 <!-- /TMPL_IF -->
-  
+
         <!-- TMPL_IF NAME="TagsEnabled" -->
         <!-- TMPL_IF NAME="TagsInputOnList" -->
           $(".tagsep").text("| ");
@@ -160,7 +160,7 @@ function tagAdded() {
     <!-- TMPL_LOOP NAME="BIBLIO_RESULTS" -->
     <h3>
         <!-- TMPL_IF NAME="print_basket" -->
-            <!-- TMPL_VAR NAME="title" -->
+            <!-- TMPL_VAR NAME="title" escape="html" -->
                 <!-- TMPL_IF name="subtitle" --> <!-- TMPL_VAR NAME="subtitle" --><!-- /TMPL_IF -->
                 <!-- TMPL_IF name="author" --> <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF -->
         <!-- TMPL_ELSE -->
@@ -199,7 +199,7 @@ function tagAdded() {
 	    </td>
         </tr>
         <!-- /TMPL_IF -->
-        
+
         <!-- TMPL_IF NAME="publishercode" -->
             <tr>
                 <th scope="row">Publisher</th>
@@ -219,7 +219,7 @@ function tagAdded() {
             <td> <!-- TMPL_VAR NAME="seriestitle" --></td>
         </tr>
         <!-- /TMPL_IF -->
-        
+
         <!-- TMPL_IF name="MARCSUBJCTS" -->
         <tr>
             <th scope="row">Subject(s)</th>
@@ -230,13 +230,13 @@ function tagAdded() {
                 <!-- /TMPL_LOOP --></td>
         </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="copyrightdate" -->
             <tr><th scope="row">Copyright</th>
                 <td> <!-- TMPL_VAR NAME="copyrightdate" --></td>
             </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="MARCNOTES" -->
         <tr>
             <th scope="row">Notes</th>
@@ -246,7 +246,7 @@ function tagAdded() {
             <!-- /TMPL_LOOP --></td>
         </tr>
         <!-- /TMPL_IF -->
-    
+
         <!-- TMPL_IF name="unititle" -->
         <tr>
             <th scope="row">Unified title</th>
@@ -277,20 +277,20 @@ function tagAdded() {
             <td> <!-- TMPL_VAR name="lccn" --></td>
         </tr>
         <!-- /TMPL_IF -->
-		
+
         <!-- TMPL_IF name="MARCURLS" -->
         <tr>
             <th scope="row">URL(s)</th>
             <td>
 	   <!-- TMPL_LOOP name="MARCURLS" -->
 		<p><!-- TMPL_IF NAME="part" --><!-- TMPL_VAR NAME="part" -->
-			<br /><!-- /TMPL_IF --> 
-	
+			<br /><!-- /TMPL_IF -->
+
 		<!-- TMPL_VAR NAME="MARCURL" -->
 			<!-- TMPL_IF NAME="notes" --><!-- TMPL_LOOP NAME="notes" --><!-- TMPL_VAR NAME="note" --><br /><!-- /TMPL_LOOP --><!-- /TMPL_IF -->
             <!-- /TMPL_LOOP --></p></td>
         </tr><!-- /TMPL_IF -->
-		
+
         <tr>
             <th scope="row">Location(s)</th>
             <td><!-- TMPL_IF NAME="ITEM_RESULTS" --><!-- TMPL_LOOP NAME="ITEM_RESULTS" -->
@@ -310,10 +310,10 @@ function tagAdded() {
 <!-- TMPL_UNLESS NAME="print_basket" -->
 <p style="border-top : 1px solid #E8E8E8;">
 	<form action="/cgi-bin/koha/opac-basket.pl" method="get" name="bookbag_form" id="bookbag_form">
-    <a id="CheckAll" href="#">Select All</a> 
+    <a id="CheckAll" href="#">Select All</a>
     <a id="CheckNone" href="#">Clear All</a>
     | <b>Selected items :</b>
-<span id="tag_hides">                
+<span id="tag_hides">
 <a href="#" onclick="delSelRecords(); return false;">Remove</a>
 <!-- TMPL_IF NAME="loggedinusername" -->
      | <a href="#" onclick="addSelToShelf(); return false;">Add to a list</a>
@@ -346,7 +346,7 @@ function tagAdded() {
             <!-- /TMPL_IF -->
             <!-- TMPL_UNLESS NAME="print_basket" --><td>
                         <input type="checkbox" value="<!-- TMPL_VAR NAME="biblionumber" -->" name="bib<!-- TMPL_VAR NAME="biblionumber" -->" id="bib<!-- TMPL_VAR NAME="biblionumber" -->" onclick="selRecord(value,checked);" />
-                   
+
                 </td> <!-- /TMPL_UNLESS -->
             <td>
 		<a href="#" onclick="openBiblio('<!-- TMPL_VAR name="dest" -->',<!-- TMPL_VAR name="biblionumber" -->)">
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-opensearch.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-opensearch.tmpl
index 9ac0592..87d8a1d 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-opensearch.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-opensearch.tmpl
@@ -5,14 +5,14 @@
    <Description>Search the <!-- TMPL_VAR NAME="LibraryName" ESCAPE="html" --></Description>
    <Tags>koha opac <!-- TMPL_VAR NAME="LibraryName" ESCAPE="html" --></Tags>
    <Contact><!-- TMPL_VAR NAME="KohaAdminEmailAddress" ESCAPE="html" --></Contact>
-   <Url type="application/rss+xml" 
+   <Url type="application/rss+xml"
         template="<!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-search.pl?q={searchTerms}&amp;pw={startPage?}&amp;format=rss2"/>
 </OpenSearchDescription>
 
 <!-- TMPL_ELSE -->
 
 <!-- TMPL_IF NAME="rss2" -->
-<rss version="2.0" 
+<rss version="2.0"
       xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
       xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
@@ -46,7 +46,7 @@
                         <!-- TMPL_IF name="size" --> <!-- TMPL_VAR name="size"  ESCAPE="html" -->. <!-- /TMPL_IF -->
                         <!-- TMPL_IF name="isbn" --> <!-- TMPL_VAR name="isbn"  ESCAPE="html" --><!-- /TMPL_IF --> </p><p>
 <!-- TMPL_IF NAME="RequestOnOpac" -->
-<a href="<!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-reserve.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->">Place Hold on <i><!-- TMPL_VAR NAME="title" --></i></a></p>
+<a href="<!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-reserve.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->">Place Hold on <i><!-- TMPL_VAR NAME="title" ESCAPE="html" --></i></a></p>
 <!-- /TMPL_IF -->
 						]]></description>
        <guid><!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-detail.pl?biblionumber=<!-- TMPL_VAR NAME="biblionumber" --></guid>
@@ -57,15 +57,15 @@
 <!-- /TMPL_IF -->
 
 <!-- TMPL_IF NAME="atom" -->
-<feed xmlns="http://www.w3.org/2005/Atom" 
+<feed xmlns="http://www.w3.org/2005/Atom"
        xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
    <id><!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR name="query_cgi" ESCAPE="html" --><!-- TMPL_VAR NAME="limit_cgi" ESCAPE="html" -->&amp;format=atom</id>
    <title><!-- TMPL_VAR NAME="LibraryName" ESCAPE="html" --> Search <!-- TMPL_IF NAME="query_desc" -->for '<!-- TMPL_VAR NAME="query_desc" ESCAPE="html" -->'<!-- /TMPL_IF --><!-- TMPL_IF NAME="limit_desc" -->&nbsp;with limit(s):&nbsp;'<!-- TMPL_VAR NAME="limit_desc" ESCAPE="html" -->'<!-- /TMPL_IF --></title>
     <link href="<!-- TMPL_VAR NAME="OPACBaseURL" -->/cgi-bin/koha/opac-search.pl?<!-- TMPL_VAR name="query_cgi" ESCAPE="HTML" --><!-- TMPL_VAR NAME="limit_cgi"  ESCAPE="HTML" -->&amp;format=rss2"/>
    <updated><!-- TMPL_VAR NAME="timestamp" --></updated>
-   <author> 
+   <author>
      <name><!-- TMPL_VAR NAME="LibraryName" ESCAPE="html" --></name>
-   </author> 
+   </author>
    <!-- <id>urn:uuid:60a76c80-d399-11d9-b93C-0003939e0af6</id> -->
    <opensearch:totalResults><!-- TMPL_VAR NAME="total" --></opensearch:totalResults>
    <opensearch:startIndex><!-- TMPL_VAR NAME="page" --></opensearch:startIndex>
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tmpl
index dd27de6..0162ccb 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-results-grouped.tmpl
@@ -1,5 +1,5 @@
 <!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
-<!-- TMPL_IF NAME="LibraryNameTitle" --><!-- TMPL_VAR NAME="LibraryNameTitle" --><!-- TMPL_ELSE -->Koha Online<!-- /TMPL_IF --> Catalog &rsaquo; 
+<!-- TMPL_IF NAME="LibraryNameTitle" --><!-- TMPL_VAR NAME="LibraryNameTitle" --><!-- TMPL_ELSE -->Koha Online<!-- /TMPL_IF --> Catalog &rsaquo;
 <!-- TMPL_IF NAME="searchdesc" -->
 	Results of Search <!-- TMPL_IF NAME="query_desc" -->for '<!-- TMPL_VAR NAME="query_desc" -->'<!-- /TMPL_IF --><!-- TMPL_IF NAME="limit_desc" -->&nbsp;with limit(s):&nbsp;'<!-- TMPL_VAR NAME="limit_desc" -->'<!-- /TMPL_IF -->
 <!-- TMPL_ELSE -->
@@ -35,12 +35,12 @@ $(document).ready(function(){
 			<!-- TMPL_IF NAME="loggedinusername" -->if (vShelfAdd()) {
 			Dopop('/cgi-bin/koha/opac-addbybiblionumber.pl?selectedshelf='+shelfnumber+'&' + vShelfAdd());
 			}<!-- TMPL_ELSE --> alert('You must be logged in to create or add to Lists'); <!-- /TMPL_IF -->
-			return false;			
+			return false;
 		} else if($("#addto").find("option:selected").attr("value") == "newlist"){
 			<!-- TMPL_IF NAME="loggedinusername" -->if (vShelfAdd()) {
 			Dopop('/cgi-bin/koha/opac-addbybiblionumber.pl?newshelf=1&' + vShelfAdd());
 			}<!-- TMPL_ELSE --> alert('You must be logged in to create or add to Lists'); <!-- /TMPL_IF -->
-			return false;	
+			return false;
 		}
 		if($("#addto").find("option:selected").attr("value") == "addtocart"){
 			addMultiple();
@@ -54,7 +54,7 @@ $(document).ready(function(){
     $("#CheckNone").click(function(){
         $("#bookbag_form").unCheckCheckboxes();
         return false;
-    }); 
+    });
     <!-- TMPL_IF NAME="query_desc" -->
     var query_desc = "<!-- TMPL_VAR NAME="query_desc" ESCAPE="JS"-->";
     q_array = query_desc.split(" ");
@@ -103,8 +103,8 @@ function highlightOn() {
 	<h4>Error:</h4>
     <!-- TMPL_VAR NAME="query_error" -->
 </div>
-<!-- /TMPL_IF -->	
-	
+<!-- /TMPL_IF -->
+
 <!-- Search Results Table -->
 <!-- TMPL_IF NAME="total" -->
 <!-- TMPL_IF NAME="scan" -->
@@ -139,7 +139,7 @@ function highlightOn() {
             </tr>
         </table>
     </form>
-    
+
     <form action="/cgi-bin/koha/opac-search.pl" method="get">
         <table>
             <tr>
@@ -153,7 +153,7 @@ function highlightOn() {
 			<tr>
 			<!-- /TMPL_IF -->
                 <td>
-                    <a href="/cgi-bin/koha/opac-search.pl?q=<!-- TMPL_VAR NAME="scan_use" escape="url" -->&quot;<!-- TMPL_VAR NAME="title" -->&quot;"><!-- TMPL_VAR NAME="title" --></a>
+                    <a href="/cgi-bin/koha/opac-search.pl?q=<!-- TMPL_VAR NAME="scan_use" escape="url" -->&quot;<!-- TMPL_VAR NAME="title" ESCAPE="url" -->&quot;"><!-- TMPL_VAR NAME="title" ESCAPE="html" --></a>
                 </td>
                 <td>
                     <!-- TMPL_VAR NAME="subtitle" -->
@@ -267,7 +267,7 @@ function highlightOn() {
                                     <a href="/cgi-bin/koha/opac-search.pl?q=callnum:<!-- TMPL_VAR NAME="classification" ESCAPE="URL" -->">
                                         <!-- TMPL_VAR NAME="classification" -->
                                     </a>
-<!-- /TMPL_IF --></p> 
+<!-- /TMPL_IF --></p>
 				</td>
                 </tr>
                 <!-- /TMPL_LOOP -->
@@ -284,7 +284,7 @@ function highlightOn() {
 	<!-- TMPL_IF name="suggestion" -->
 <!-- TMPL_IF NAME="AnonSuggestions" --><div class="suggestion">Not finding what you're looking for?<br />  Make a <a href="/cgi-bin/koha/opac-suggestions.pl?op=add">purchase suggestion</a></div><!-- TMPL_ELSE --><!-- TMPL_IF NAME="loggedinusername" --><div class="suggestion">Not finding what you're looking for?<br />  Make a <a href="/cgi-bin/koha/opac-suggestions.pl?op=add">purchase suggestion</a></div><!-- /TMPL_IF --><!-- /TMPL_IF -->
 <!-- /TMPL_IF -->
-    
+
 </div>
 </div>
 <div class="yui-b">
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
index 2ae4d82..573295e 100644
--- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
+++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
@@ -1,8 +1,8 @@
 <!-- TMPL_INCLUDE name="doc-head-open.inc" --><!-- TMPL_VAR NAME="LibraryNameTitle" DEFAULT="Koha Online" --> Catalog &rsaquo; Comments on <!--TMPL_VAR NAME="title" -->
 <!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
-<style type="text/css"> 
-  #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; } 
-</style> 
+<style type="text/css">
+  #custom-doc { width:37.08em;*width:36.16em;min-width:485px; margin:1em auto; text-align:left; }
+</style>
 <script type="text/JavaScript" language="JavaScript">
 //<![CDATA[
 	 $(document).ready(function() {
@@ -42,12 +42,12 @@
 			<!-- /TMPL_IF -->
 		<!-- /TMPL_IF -->
 		// $('#reviewf').submit(function() {});
-	}); 
+	});
 //]]>
 </script>
-</head> 
-<body id="comment"> 
-<div id="custom-doc" class="yui-t7"> 
+</head>
+<body id="comment">
+<div id="custom-doc" class="yui-t7">
 <div class="container">
 <!-- TMPL_IF NAME="cgi_debug" --><div class="debug">CGI debug is on.</div><!-- /TMPL_IF -->
 <!-- TMPL_IF NAME="ERRORS" -->
@@ -65,10 +65,10 @@
 	<!-- TMPL_IF NAME="WINDOW_CLOSE" -->Note: this window will close automatically in 5 seconds<!-- /TMPL_IF -->
 	</div>
 <!-- /TMPL_IF -->
-<form id="reviewf" action="/cgi-bin/koha/opac-review.pl<!-- TMPL_IF NAME="cgi_debug" -->?debug=1<!-- /TMPL_IF -->" method="post"> 
+<form id="reviewf" action="/cgi-bin/koha/opac-review.pl<!-- TMPL_IF NAME="cgi_debug" -->?debug=1<!-- /TMPL_IF -->" method="post">
     <input type="hidden" name="biblionumber" value="<!-- TMPL_VAR NAME="biblionumber" -->" />
 	<fieldset class="brief">
-	<legend>Comments on <i><!--TMPL_VAR NAME="title" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
+	<legend>Comments on <i><!--TMPL_VAR NAME="title" ESCAPE="html" --> <!-- TMPL_VAR NAME="subtitle" --></i><!-- TMPL_IF NAME="author" -->by <!-- TMPL_VAR NAME="author" --><!-- /TMPL_IF --></legend>
             <ol><li><textarea id="review" name="review" cols="60" rows="8"><!--TMPL_VAR NAME="review"--></textarea></li></ol>
 		</fieldset>
     <p>Note: Your comment must be approved by a librarian. </p>
-- 
1.6.3.3


