From e6dedfbf9445eb1009fd246b26d870308b5877aa Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Mon, 24 Jul 2017 20:48:22 +0200
Subject: [PATCH] Add html escaping

---
 Theme/Backend/item-create.tpl.php        | 328 +++++++++++------------
 Theme/Backend/purchase-item-list.tpl.php |  18 +-
 Theme/Backend/sales-item-list.tpl.php    |  20 +-
 Theme/Backend/stock-list.tpl.php         |  20 +-
 4 files changed, 193 insertions(+), 193 deletions(-)

diff --git a/Theme/Backend/item-create.tpl.php b/Theme/Backend/item-create.tpl.php
index a4e16fe..ac29716 100644
--- a/Theme/Backend/item-create.tpl.php
+++ b/Theme/Backend/item-create.tpl.php
@@ -20,20 +20,20 @@ echo $this->getData('nav')->render(); ?>
 <div class="tabular-2">
     <div class="box">
         <ul class="tab-links">
-            <li><label for="c-tab-1"><?= $this->getText('Master') ?></label>
-            <li><label for="c-tab-2"><?= $this->getText('Properties') ?></label>
-            <li><label for="c-tab-4"><?= $this->getText('Sales') ?></label>
-            <li><label for="c-tab-5"><?= $this->getText('Purchase') ?></label>
-            <li><label for="c-tab-6"><?= $this->getText('Accounting') ?></label>
-            <li><label for="c-tab-7"><?= $this->getText('Production') ?></label>
-            <li><label for="c-tab-8"><?= $this->getText('StockList') ?></label>
-            <li><label for="c-tab-9"><?= $this->getText('QM') ?></label>
-            <li><label for="c-tab-10"><?= $this->getText('Packaging') ?></label>
-            <li><label for="c-tab-11"><?= $this->getText('Media') ?></label>
-            <li><label for="c-tab-12"><?= $this->getText('Stock') ?></label>
-            <li><label for="c-tab-13"><?= $this->getText('Disposal') ?></label>
-            <li><label for="c-tab-14"><?= $this->getText('Files') ?></label>
-            <li><label for="c-tab-15"><?= $this->getText('Logs') ?></label>
+            <li><label for="c-tab-1"><?= $this->getHtml('Master'); ?></label>
+            <li><label for="c-tab-2"><?= $this->getHtml('Properties'); ?></label>
+            <li><label for="c-tab-4"><?= $this->getHtml('Sales'); ?></label>
+            <li><label for="c-tab-5"><?= $this->getHtml('Purchase'); ?></label>
+            <li><label for="c-tab-6"><?= $this->getHtml('Accounting'); ?></label>
+            <li><label for="c-tab-7"><?= $this->getHtml('Production'); ?></label>
+            <li><label for="c-tab-8"><?= $this->getHtml('StockList'); ?></label>
+            <li><label for="c-tab-9"><?= $this->getHtml('QM'); ?></label>
+            <li><label for="c-tab-10"><?= $this->getHtml('Packaging'); ?></label>
+            <li><label for="c-tab-11"><?= $this->getHtml('Media'); ?></label>
+            <li><label for="c-tab-12"><?= $this->getHtml('Stock'); ?></label>
+            <li><label for="c-tab-13"><?= $this->getHtml('Disposal'); ?></label>
+            <li><label for="c-tab-14"><?= $this->getHtml('Files'); ?></label>
+            <li><label for="c-tab-15"><?= $this->getHtml('Logs'); ?></label>
         </ul>
     </div>
     <div class="tab-content">
@@ -42,24 +42,24 @@ echo $this->getData('nav')->render(); ?>
             <div class="row">
                 <div class="col-xs-12 col-md-6 col-lg-4">
                     <section class="box wf-100">
-                        <header><h1><?= $this->getText('Item') ?></h1></header>
+                        <header><h1><?= $this->getHtml('Item'); ?></h1></header>
                         <div class="inner">
                             <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                                 <table class="layout wf-100">
                                     <tbody>
-                                    <tr><td><label for="iSource"><?= $this->getText('ID') ?></label>
+                                    <tr><td><label for="iSource"><?= $this->getHtml('ID'); ?></label>
                                     <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iSource" name="source" type="text" placeholder="" required></span>
-                                    <tr><td><label for="iSegment"><?= $this->getText('Segment') ?></label>
+                                    <tr><td><label for="iSegment"><?= $this->getHtml('Segment'); ?></label>
                                     <tr><td><input id="iSegment" name="segment" type="text" placeholder="" required>
-                                    <tr><td><label for="iProductgroup"><?= $this->getText('Productgroup') ?></label>
+                                    <tr><td><label for="iProductgroup"><?= $this->getHtml('Productgroup'); ?></label>
                                     <tr><td><input id="iProductgroup" name="productgroup" type="text" placeholder="" required>
-                                    <tr><td><label for="iGroup"><?= $this->getText('Group') ?></label>
+                                    <tr><td><label for="iGroup"><?= $this->getHtml('Group'); ?></label>
                                     <tr><td><input id="iGroup" name="group" type="text" placeholder="" required>
-                                    <tr><td><label for="iArticlegroup"><?= $this->getText('Articlegroup') ?></label>
+                                    <tr><td><label for="iArticlegroup"><?= $this->getHtml('Articlegroup'); ?></label>
                                     <tr><td><input id="iArticlegroup" name="articlegroup" type="text" placeholder="" required>
-                                    <tr><td><label for="iSSuccessor"><?= $this->getText('Successor') ?></label>
+                                    <tr><td><label for="iSSuccessor"><?= $this->getHtml('Successor'); ?></label>
                                     <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iSource" name="source" type="text" placeholder=""></span>
-                                    <tr><td><input type="submit" value="<?= $this->getText('Create', 0, 0); ?>">
+                                    <tr><td><input type="submit" value="<?= $this->getHtml('Create', 0, 0); ?>">
                                 </table>
                             </form>
                         </div>
@@ -68,24 +68,24 @@ echo $this->getData('nav')->render(); ?>
 
                 <div class="col-xs-12 col-md-6 col-lg-4">
                     <section class="box wf-100">
-                        <header><h1><?= $this->getText('Language') ?></h1></header>
+                        <header><h1><?= $this->getHtml('Language'); ?></h1></header>
                         <div class="inner">
                             <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                                 <table class="layout wf-100">
                                     <tbody>
-                                    <tr><td><label for="iLanguage"><?= $this->getText('Language') ?></label>
+                                    <tr><td><label for="iLanguage"><?= $this->getHtml('Language'); ?></label>
                                     <tr><td><select id="iLanguage" name="language">
                                                 <option>
                                             </select>
-                                    <tr><td><label for="iName"><?= $this->getText('Name1') ?></label>
+                                    <tr><td><label for="iName"><?= $this->getHtml('Name1'); ?></label>
                                     <tr><td><input id="iName" name="name" type="text" placeholder="">
-                                    <tr><td><label for="iName"><?= $this->getText('Name2') ?></label>
+                                    <tr><td><label for="iName"><?= $this->getHtml('Name2'); ?></label>
                                     <tr><td><input id="iName" name="name" type="text" placeholder="">
-                                    <tr><td><label for="iName"><?= $this->getText('Name3') ?></label>
+                                    <tr><td><label for="iName"><?= $this->getHtml('Name3'); ?></label>
                                     <tr><td><input id="iName" name="name" type="text" placeholder="">
-                                    <tr><td><label for="iDescription"><?= $this->getText('Description') ?></label>
+                                    <tr><td><label for="iDescription"><?= $this->getHtml('Description'); ?></label>
                                     <tr><td><textarea id="iDescription" name="description"></textarea>
-                                    <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                                    <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                                 </table>
                             </form>
                         </div>
@@ -96,116 +96,116 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-2" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Property') ?></h1></header>
+                <header><h1><?= $this->getHtml('Property'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Name') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Name'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Unit') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Unit'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Value') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Value'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Language') ?></h1></header>
+                <header><h1><?= $this->getHtml('Language'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Language') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Language'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Property') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Property'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Translation') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Translation'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Language') ?></h1></header>
+                <header><h1><?= $this->getHtml('Language'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Language') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Language'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Value') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Value'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Translation') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Translation'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Attribute') ?></h1></header>
+                <header><h1><?= $this->getHtml('Attribute'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Name') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Name'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Unit') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Unit'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Value') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Value'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Language') ?></h1></header>
+                <header><h1><?= $this->getHtml('Language'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Language') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Language'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Attribute') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Attribute'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Translation') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Translation'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Language') ?></h1></header>
+                <header><h1><?= $this->getHtml('Language'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('Language') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('Language'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
                                         <option>
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Value') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Value'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iPCustomsId" name="customsid" type="text" placeholder=""></span>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('Translation') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('Translation'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -214,41 +214,41 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-4" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Sales') ?></h1></header>
+                <header><h1><?= $this->getHtml('Sales'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPType"><?= $this->getText('Status') ?></label>
+                            <tr><td><label for="iPType"><?= $this->getHtml('Status'); ?></label>
                             <tr><td><select id="iPType" name="ptye">
                                         <option>
                                     </select>
                             <tr><td><label for="iPrice">GTIN</label>
                             <tr><td><input id="iPrice" name="price" type="text" placeholder="">
-                            <tr><td colspan="2"><label for="iPPriceUnit"><?= $this->getText('PriceUnit') ?></label>
+                            <tr><td colspan="2"><label for="iPPriceUnit"><?= $this->getHtml('PriceUnit'); ?></label>
                             <tr><td><select id="iPPriceUnit" name="ppriceunit">
                                         <option value="0">
                                     </select><td>
-                            <tr><td colspan="2"><label for="iPQuantityUnit"><?= $this->getText('QuantityUnit') ?></label>
+                            <tr><td colspan="2"><label for="iPQuantityUnit"><?= $this->getHtml('QuantityUnit'); ?></label>
                             <tr><td><select id="iPQuantityUnit" name="pquantityunit">
                                         <option value="0">
                                     </select><td>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('TradingUnit') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('TradingUnit'); ?></label>
                             <tr><td><input id="iPTradingUnit" name="tradingunit" type="number" min="0" step="any" placeholder="">
-                            <tr><td><label for="iPTracking"><?= $this->getText('Tracking') ?></label>
+                            <tr><td><label for="iPTracking"><?= $this->getHtml('Tracking'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
-                                        <option><?= $this->getText('None') ?>
-                                        <option><?= $this->getText('Lot') ?>
-                                        <option><?= $this->getText('SN') ?>
-                                        <option><?= $this->getText('Purchase') ?>
+                                        <option><?= $this->getHtml('None'); ?>
+                                        <option><?= $this->getHtml('Lot'); ?>
+                                        <option><?= $this->getHtml('SN'); ?>
+                                        <option><?= $this->getHtml('Purchase'); ?>
                                     </select>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Commission') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Commission'); ?></label>
                             <tr><td><select id="iPVariation" name="pvariation">
                                         <option value="0">
                                     </select>
-                            <tr><td><label for="iPCustomsId"><?= $this->getText('CustomsID') ?></label>
+                            <tr><td><label for="iPCustomsId"><?= $this->getHtml('CustomsID'); ?></label>
                             <tr><td><input id="iPCustomsId" name="customsid" type="text" placeholder="">
-                            <tr><td><label for="iSInfo"><?= $this->getText('Info') ?></label>
+                            <tr><td><label for="iSInfo"><?= $this->getHtml('Info'); ?></label>
                             <tr><td><textarea id="iSInfo" name="sinfo"></textarea>
                         </table>
                     </form>
@@ -256,34 +256,34 @@ echo $this->getData('nav')->render(); ?>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Price') ?></h1></header>
+                <header><h1><?= $this->getHtml('Price'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td colspan="2"><label for="iPName"><?= $this->getText('Name') ?></label>
+                            <tr><td colspan="2"><label for="iPName"><?= $this->getHtml('Name'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iPrice"><?= $this->getText('Start') ?></label>
+                            <tr><td colspan="2"><label for="iPrice"><?= $this->getHtml('Start'); ?></label>
                             <tr><td><input id="iPrice" name="price" type="datetime-local"><td>
-                            <tr><td colspan="2"><label for="iPrice"><?= $this->getText('End') ?></label>
+                            <tr><td colspan="2"><label for="iPrice"><?= $this->getHtml('End'); ?></label>
                             <tr><td><input id="iPrice" name="price" type="datetime-local"><td>
-                            <tr><td colspan="2"><label for="iPType"><?= $this->getText('Country') ?></label>
+                            <tr><td colspan="2"><label for="iPType"><?= $this->getHtml('Country'); ?></label>
                             <tr><td><select id="iPType" name="ptye">
                                         <option>
                                     </select><td>
-                            <tr><td colspan="2"><label for="iPQuantity"><?= $this->getText('Quantity') ?></label>
+                            <tr><td colspan="2"><label for="iPQuantity"><?= $this->getHtml('Quantity'); ?></label>
                             <tr><td><input id="iPQuantity" name="quantity" type="text" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iPrice"><?= $this->getText('Price') ?></label>
+                            <tr><td colspan="2"><label for="iPrice"><?= $this->getHtml('Price'); ?></label>
                             <tr><td><input id="iPrice" name="price" type="number" step="any" min="0" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iDiscount"><?= $this->getText('Discount') ?></label>
+                            <tr><td colspan="2"><label for="iDiscount"><?= $this->getHtml('Discount'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iDiscount"><?= $this->getText('DiscountP') ?></label>
+                            <tr><td colspan="2"><label for="iDiscount"><?= $this->getHtml('DiscountP'); ?></label>
                             <tr><td><input id="iDiscountP" name="discountp" type="number" step="any" min="0" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iBonus"><?= $this->getText('Bonus') ?></label>
+                            <tr><td colspan="2"><label for="iBonus"><?= $this->getHtml('Bonus'); ?></label>
                             <tr><td><input id="iBonus" name="bonus" type="number" step="any" min="0" placeholder=""><td>
-                            <tr><td colspan="2"><label for="iGroup"><?= $this->getText('ClientGroup') ?></label>
-                            <tr><td><input id="iGroup" name="price" type="text" placeholder=""><td><button><?= $this->getText('Add', 0, 0) ?></button>
-                            <tr><td colspan="2"><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td colspan="2"><label for="iGroup"><?= $this->getHtml('ClientGroup'); ?></label>
+                            <tr><td><input id="iGroup" name="price" type="text" placeholder=""><td><button><?= $this->getHtml('Add', 0, 0); ?></button>
+                            <tr><td colspan="2"><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -292,32 +292,32 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-5" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Purchase') ?></h1></header>
+                <header><h1><?= $this->getHtml('Purchase'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iSupplierId"><?= $this->getText('Supplier') ?></label>
+                            <tr><td><label for="iSupplierId"><?= $this->getHtml('Supplier'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iSupplierId" name="supplierid" type="text" placeholder="" required></span>
                             <tr><td><label for="iPrice">GTIN</label>
                             <tr><td><input id="iPrice" name="price" type="text" placeholder="">
-                            <tr><td><label for="iPPriceUnit"><?= $this->getText('PriceUnit') ?></label>
+                            <tr><td><label for="iPPriceUnit"><?= $this->getHtml('PriceUnit'); ?></label>
                             <tr><td><select id="iPPriceUnit" name="ppriceunit">
                                         <option value="0">
                                     </select><td>
-                            <tr><td><label for="iPQuantityUnit"><?= $this->getText('QuantityUnit') ?></label>
+                            <tr><td><label for="iPQuantityUnit"><?= $this->getHtml('QuantityUnit'); ?></label>
                             <tr><td><select id="iPQuantityUnit" name="pquantityunit">
                                         <option value="0">
                                     </select><td>
-                            <tr><td><label for="iPTradingUnit"><?= $this->getText('TradingUnit') ?></label>
+                            <tr><td><label for="iPTradingUnit"><?= $this->getHtml('TradingUnit'); ?></label>
                             <tr><td><input id="iPTradingUnit" name="tradingunit" type="number" min="0" step="any" placeholder="">
-                            <tr><td><label for="iPTracking"><?= $this->getText('Tracking') ?></label>
+                            <tr><td><label for="iPTracking"><?= $this->getHtml('Tracking'); ?></label>
                             <tr><td><select id="iPTracking" name="tracking">
-                                        <option><?= $this->getText('None') ?>
-                                        <option><?= $this->getText('Lot') ?>
-                                        <option><?= $this->getText('SN') ?>
+                                        <option><?= $this->getHtml('None'); ?>
+                                        <option><?= $this->getHtml('Lot'); ?>
+                                        <option><?= $this->getHtml('SN'); ?>
                                     </select>
-                            <tr><td><label for="iPInfo"><?= $this->getText('Info') ?></label>
+                            <tr><td><label for="iPInfo"><?= $this->getHtml('Info'); ?></label>
                             <tr><td><textarea id="iPInfo" name="pinfo"></textarea>
                         </table>
                     </form>
@@ -325,64 +325,64 @@ echo $this->getData('nav')->render(); ?>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Price') ?></h1></header>
+                <header><h1><?= $this->getHtml('Price'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPName"><?= $this->getText('Name') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('Name'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder="">
-                            <tr><td><label for="iPQuantity"><?= $this->getText('Quantity') ?></label>
+                            <tr><td><label for="iPQuantity"><?= $this->getHtml('Quantity'); ?></label>
                             <tr><td><input id="iPQuantity" name="quantity" type="text" placeholder="">
-                            <tr><td><label for="iPrice"><?= $this->getText('Price') ?></label>
+                            <tr><td><label for="iPrice"><?= $this->getHtml('Price'); ?></label>
                             <tr><td><input id="iPrice" name="price" type="number" step="any" min="0" placeholder=""><td>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Discount') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Discount'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('DiscountP') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('DiscountP'); ?></label>
                             <tr><td><input id="iDiscountP" name="discountp" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iBonus"><?= $this->getText('Bonus') ?></label>
+                            <tr><td><label for="iBonus"><?= $this->getHtml('Bonus'); ?></label>
                             <tr><td><input id="iBonus" name="bonus" type="number" step="any" min="0" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Stock') ?></h1></header>
+                <header><h1><?= $this->getHtml('Stock'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Stock') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Stock'); ?></label>
                             <tr><td><select id="iPVariation" name="pvariation">
                                         <option value="0">
                                     </select>
-                            <tr><td><label for="iPName"><?= $this->getText('ReorderLevel') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('ReorderLevel'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder="">
-                            <tr><td><label for="iPName"><?= $this->getText('MinimumLevel') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('MinimumLevel'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder="">
-                            <tr><td><label for="iPName"><?= $this->getText('MaximumLevel') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('MaximumLevel'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder="">
-                            <tr><td><label for="iPName"><?= $this->getText('Leadtime') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('Leadtime'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="number" min="0" step="1" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Save', 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Save', 0); ?>">
                         </table>
                     </form>
                 </div>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Supplier') ?></h1></header>
+                <header><h1><?= $this->getHtml('Supplier'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPName"><?= $this->getText('Name') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('Name'); ?></label>
                             <tr><td><input id="iPName" name="pname" type="text" placeholder="">
-                            <tr><td><label for="iPName"><?= $this->getText('Description') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('Description'); ?></label>
                             <tr><td><textarea></textarea>
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -391,18 +391,18 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-6" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Accounting') ?></h1></header>
+                <header><h1><?= $this->getHtml('Accounting'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td colspan="2"><label for="iACostIndicator"><?= $this->getText('CostIndicator') ?></label>
+                            <tr><td colspan="2"><label for="iACostIndicator"><?= $this->getHtml('CostIndicator'); ?></label>
                             <tr><td><input id="iACostIndicator" name="costindicator" type="text" placeholder="">
-                            <tr><td colspan="2"><label for="iAEarningIndicator"><?= $this->getText('EarningIndicator') ?></label>
+                            <tr><td colspan="2"><label for="iAEarningIndicator"><?= $this->getHtml('EarningIndicator'); ?></label>
                             <tr><td><input id="iAEarningIndicator" name="earningindicator" type="text" placeholder="">
-                            <tr><td colspan="2"><label for="iACostIndicator"><?= $this->getText('CostCenter') ?></label>
+                            <tr><td colspan="2"><label for="iACostIndicator"><?= $this->getHtml('CostCenter'); ?></label>
                             <tr><td><input id="iACostIndicator" name="costindicator" type="text" placeholder="">
-                            <tr><td colspan="2"><label for="iAEarningIndicator"><?= $this->getText('CostObject') ?></label>
+                            <tr><td colspan="2"><label for="iAEarningIndicator"><?= $this->getHtml('CostObject'); ?></label>
                             <tr><td><input id="iAEarningIndicator" name="earningindicator" type="text" placeholder="">
                         </table>
                     </form>
@@ -412,18 +412,18 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-7" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Production') ?></h1></header>
+                <header><h1><?= $this->getHtml('Production'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPType"><?= $this->getText('Status') ?></label>
+                            <tr><td><label for="iPType"><?= $this->getHtml('Status'); ?></label>
                             <tr><td><select id="iPType" name="ptye">
                                         <option>
                                     </select>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Makespan') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Makespan'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iPType"><?= $this->getText('TimeUnit') ?></label>
+                            <tr><td><label for="iPType"><?= $this->getHtml('TimeUnit'); ?></label>
                             <tr><td><select id="iPType" name="ptye">
                                         <option value="0">ms
                                         <option value="1">s
@@ -431,9 +431,9 @@ echo $this->getData('nav')->render(); ?>
                                         <option value="3">h
                                         <option value="4">d
                                     </select>
-                            <tr><td><label for="iPName"><?= $this->getText('Info') ?></label>
+                            <tr><td><label for="iPName"><?= $this->getHtml('Info'); ?></label>
                             <tr><td><textarea></textarea>
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -442,16 +442,16 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-8" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('StockList') ?></h1></header>
+                <header><h1><?= $this->getHtml('StockList'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iSource"><?= $this->getText('ID') ?></label>
+                            <tr><td><label for="iSource"><?= $this->getHtml('ID'); ?></label>
                             <tr><td><span class="input"><button type="button" formaction=""><i class="fa fa-book"></i></button><input id="iSource" name="source" type="text" placeholder=""></span>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Quantity') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Quantity'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -460,7 +460,7 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-9" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('QM') ?></h1></header>
+                <header><h1><?= $this->getHtml('QM'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
@@ -473,30 +473,30 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-10" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Packaging') ?></h1></header>
+                <header><h1><?= $this->getHtml('Packaging'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Container') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Container'); ?></label>
                             <tr><td><select id="iPVariation" name="pvariation">
                                         <option value="0">
                                     </select>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Quantity') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Quantity'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('GrossWeight') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('GrossWeight'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('NetWeight') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('NetWeight'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('Width') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Width'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('Height') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Height'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('Length') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Length'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><label for="iDiscount"><?= $this->getText('Volume') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Volume'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" step="any" min="0" placeholder="">
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -505,14 +505,14 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-11" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Media') ?></h1></header>
+                <header><h1><?= $this->getHtml('Media'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Media') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Media'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="file" multiple>
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -521,12 +521,12 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-12" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Stock') ?></h1></header>
+                <header><h1><?= $this->getHtml('Stock'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPVariation"><?= $this->getText('ShelfLife') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('ShelfLife'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="number" min="0" step="1">
                         </table>
                     </form>
@@ -534,22 +534,22 @@ echo $this->getData('nav')->render(); ?>
             </section>
 
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Stock') ?></h1></header>
+                <header><h1><?= $this->getHtml('Stock'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Stock') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Stock'); ?></label>
                             <tr><td><select id="iPVariation" name="pvariation">
                                         <option value="0">
                                     </select>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Warehouse') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Warehouse'); ?></label>
                             <tr><td><select id="iPVariation" name="pvariation">
                                         <option value="0">
                                     </select>
-                            <tr><td><label for="iPVariation"><?= $this->getText('Location') ?></label>
+                            <tr><td><label for="iPVariation"><?= $this->getHtml('Location'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="text"><!-- can also be empty if dynamically assigned instead of fixed -->
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -558,7 +558,7 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-13" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Disposal') ?></h1></header>
+                <header><h1><?= $this->getHtml('Disposal'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
@@ -571,14 +571,14 @@ echo $this->getData('nav')->render(); ?>
         <input type="radio" id="c-tab-14" name="tabular-2">
         <div class="tab">
             <section class="box w-33 floatLeft">
-                <header><h1><?= $this->getText('Files') ?></h1></header>
+                <header><h1><?= $this->getHtml('Files'); ?></h1></header>
                 <div class="inner">
                     <form action="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/api/...'); ?>" method="post">
                         <table class="layout wf-100">
                             <tbody>
-                            <tr><td><label for="iDiscount"><?= $this->getText('Files') ?></label>
+                            <tr><td><label for="iDiscount"><?= $this->getHtml('Files'); ?></label>
                             <tr><td><input id="iDiscount" name="discount" type="file" multiple>
-                            <tr><td><input type="submit" value="<?= $this->getText('Add', 0, 0) ?>">
+                            <tr><td><input type="submit" value="<?= $this->getHtml('Add', 0, 0); ?>">
                         </table>
                     </form>
                 </div>
@@ -594,24 +594,24 @@ echo $this->getData('nav')->render(); ?>
             ?>
             <div class="box w-100">
                 <table class="table red">
-                    <caption><?= $this->getText('Logs') ?></caption>
+                    <caption><?= $this->getHtml('Logs'); ?></caption>
                     <thead>
                     <tr>
                         <td>IP
-                        <td><?= $this->getText('ID', 0, 0); ?>
-                        <td><?= $this->getText('Name'); ?>
-                        <td class="wf-100"><?= $this->getText('Log'); ?>
-                        <td><?= $this->getText('Date'); ?>
+                        <td><?= $this->getHtml('ID', 0, 0); ?>
+                        <td><?= $this->getHtml('Name') ?>
+                        <td class="wf-100"><?= $this->getHtml('Log') ?>
+                        <td><?= $this->getHtml('Date') ?>
                     <tfoot>
                     <tr>
-                        <td colspan="6"><?= $footerView->render(); ?>
+                        <td colspan="6"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                     <tbody>
                     <tr>
-                        <td><?= $this->request->getOrigin(); ?>
-                        <td><?= $this->request->getAccount(); ?>
-                        <td><?= $this->request->getAccount(); ?>
+                        <td><?= htmlspecialchars($this->request->getOrigin(), ENT_COMPAT, 'utf-8'); ?>
+                        <td><?= htmlspecialchars($this->request->getAccount(), ENT_COMPAT, 'utf-8'); ?>
+                        <td><?= htmlspecialchars($this->request->getAccount(), ENT_COMPAT, 'utf-8'); ?>
                         <td>Creating item
-                        <td><?= (new \DateTime('now'))->format('Y-m-d H:i:s') ?>
+                        <td><?= htmlspecialchars((new \DateTime('now'))->format('Y-m-d H:i:s') , ENT_COMPAT, 'utf-8'); ?>
                 </table>
             </div>
         </div>
diff --git a/Theme/Backend/purchase-item-list.tpl.php b/Theme/Backend/purchase-item-list.tpl.php
index 46b99aa..188290a 100644
--- a/Theme/Backend/purchase-item-list.tpl.php
+++ b/Theme/Backend/purchase-item-list.tpl.php
@@ -24,23 +24,23 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Items') ?></caption>
+                <caption><?= $this->getHtml('Items'); ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Price'); ?>
-                    <td><?= $this->getText('Available'); ?>
-                    <td><?= $this->getText('Reserved'); ?>
-                    <td><?= $this->getText('Ordered'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Price') ?>
+                    <td><?= $this->getHtml('Available') ?>
+                    <td><?= $this->getHtml('Reserved') ?>
+                    <td><?= $this->getHtml('Ordered') ?>
                 <tfoot>
                 <tr>
-                    <td colspan="6"><?= $footerView->render(); ?>
+                    <td colspan="6"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                 <tbody>
                 <?php $count = 0; foreach([] as $key => $value) : $count++; ?>
                 <?php endforeach; ?>
                 <?php if($count === 0) : ?>
-                <tr><td colspan="6" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                <tr><td colspan="6" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                         <?php endif; ?>
             </table>
         </div>
diff --git a/Theme/Backend/sales-item-list.tpl.php b/Theme/Backend/sales-item-list.tpl.php
index 5a56a5b..8ab8acd 100644
--- a/Theme/Backend/sales-item-list.tpl.php
+++ b/Theme/Backend/sales-item-list.tpl.php
@@ -26,23 +26,23 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Items') ?></caption>
+                <caption><?= $this->getHtml('Items'); ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Name'); ?>
-                    <td><?= $this->getText('Price'); ?>
-                    <td><?= $this->getText('Available'); ?>
-                    <td><?= $this->getText('Reserved'); ?>
-                    <td><?= $this->getText('Ordered'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Name') ?>
+                    <td><?= $this->getHtml('Price') ?>
+                    <td><?= $this->getHtml('Available') ?>
+                    <td><?= $this->getHtml('Reserved') ?>
+                    <td><?= $this->getHtml('Ordered') ?>
                 <tfoot>
                 <tr>
-                    <td colspan="6"><?= $footerView->render(); ?>
+                    <td colspan="6"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                 <tbody>
                 <?php $count = 0; foreach($items as $key => $value) : $count++; 
                 $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/sales/item/single?{?}&id=' . $value->getId()); ?>
                 <tr data-href="<?= $url; ?>">
-                    <td><a href="<?= $url; ?>"><?= $value->getNumber(); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getNumber(), ENT_COMPAT, 'utf-8'); ?></a>
                     <td>
                     <td>
                     <td>
@@ -50,7 +50,7 @@ echo $this->getData('nav')->render(); ?>
                     <td>
                 <?php endforeach; ?>
                 <?php if($count === 0) : ?>
-                <tr><td colspan="6" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                <tr><td colspan="6" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                         <?php endif; ?>
             </table>
         </div>
diff --git a/Theme/Backend/stock-list.tpl.php b/Theme/Backend/stock-list.tpl.php
index af5f950..87e573f 100644
--- a/Theme/Backend/stock-list.tpl.php
+++ b/Theme/Backend/stock-list.tpl.php
@@ -29,26 +29,26 @@ echo $this->getData('nav')->render(); ?>
     <div class="col-xs-12">
         <div class="box wf-100">
             <table class="table red">
-                <caption><?= $this->getText('Stock'); ?></caption>
+                <caption><?= $this->getHtml('Stock') ?></caption>
                 <thead>
                 <tr>
-                    <td><?= $this->getText('ID', 0, 0); ?>
-                    <td class="wf-100"><?= $this->getText('Article'); ?>
-                    <td><?= $this->getText('Quantity'); ?>
+                    <td><?= $this->getHtml('ID', 0, 0); ?>
+                    <td class="wf-100"><?= $this->getHtml('Article') ?>
+                    <td><?= $this->getHtml('Quantity') ?>
                 <tfoot>
-                <tr><td colspan="8"><?= $footerView->render(); ?>
+                <tr><td colspan="8"><?= htmlspecialchars($footerView->render(), ENT_COMPAT, 'utf-8'); ?>
                 <tbody>
                 <?php $c = 0; foreach ([] as $key => $value) : $c++;
                 $url = \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/business/department/profile?{?}&id=' . $value->getId()); ?>
                 <tr>
-                    <td><a href="<?= $url; ?>"><?= $value->getId(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getName(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getParent(); ?></a>
-                    <td><a href="<?= $url; ?>"><?= $value->getUnit(); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getId(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getName(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getParent(), ENT_COMPAT, 'utf-8'); ?></a>
+                    <td><a href="<?= $url; ?>"><?= htmlspecialchars($value->getUnit(), ENT_COMPAT, 'utf-8'); ?></a>
                         <?php endforeach; ?>
                         <?php if($c === 0) : ?>
                 <tr>
-                    <td colspan="8" class="empty"><?= $this->getText('Empty', 0, 0); ?>
+                    <td colspan="8" class="empty"><?= $this->getHtml('Empty', 0, 0); ?>
                         <?php endif; ?>
             </table>
         </div>