From 654e3f7381054afe91d85299a731094a1985ac8e Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Mon, 11 Jun 2018 11:50:17 +0200
Subject: [PATCH] Use escape smarty modifier to enforce security

---
 public_html/templates/default/LSform.tpl      | 32 +++++-----
 .../templates/default/LSformElement.tpl       |  2 +-
 .../default/LSformElement_boolean_field.tpl   |  4 +-
 .../default/LSformElement_date_field.tpl      |  4 +-
 .../templates/default/LSformElement_field.tpl |  4 +-
 .../default/LSformElement_image_field.tpl     |  2 +-
 .../LSformElement_jsonCompositeAttribute.tpl  |  2 +-
 ...rmElement_jsonCompositeAttribute_field.tpl | 24 ++++----
 .../default/LSformElement_labeledValue.tpl    |  2 +-
 .../LSformElement_labeledValue_field.tpl      | 14 ++---
 .../default/LSformElement_mailQuota_field.tpl | 10 ++--
 .../default/LSformElement_maildir_field.tpl   |  4 +-
 .../default/LSformElement_password.tpl        |  2 +-
 .../default/LSformElement_password_field.tpl  |  6 +-
 .../default/LSformElement_quota_field.tpl     | 12 ++--
 .../default/LSformElement_select.tpl          | 12 ++--
 .../default/LSformElement_select_box.tpl      | 12 ++--
 .../default/LSformElement_select_object.tpl   |  2 +-
 .../LSformElement_select_object_field.tpl     |  6 +-
 .../default/LSformElement_ssh_key.tpl         |  2 +-
 .../default/LSformElement_ssh_key_field.tpl   |  8 +--
 ...LSformElement_supannCompositeAttribute.tpl |  2 +-
 ...Element_supannCompositeAttribute_field.tpl | 18 +++---
 .../LSformElement_supannLabeledValue.tpl      |  2 +-
 ...LSformElement_supannLabeledValue_field.tpl | 14 ++---
 .../default/LSformElement_text_field.tpl      |  4 +-
 .../default/LSformElement_textarea_field.tpl  |  4 +-
 .../default/LSformElement_uri_field.tpl       |  8 +--
 .../LSformElement_valueWithUnit_field.tpl     | 16 ++---
 public_html/templates/default/LSform_view.tpl | 22 +++----
 public_html/templates/default/LSmail.tpl      | 18 +++---
 public_html/templates/default/LSrelations.tpl | 10 ++--
 public_html/templates/default/blank.tpl       |  2 +-
 public_html/templates/default/create.tpl      |  4 +-
 public_html/templates/default/import.tpl      | 16 ++---
 public_html/templates/default/login.tpl       | 20 +++----
 public_html/templates/default/modify.tpl      |  4 +-
 public_html/templates/default/question.tpl    |  8 +--
 .../templates/default/recoverpassword.tpl     | 16 ++---
 public_html/templates/default/redirect.tpl    |  2 +-
 public_html/templates/default/select.tpl      | 18 +++---
 .../templates/default/select_table.tpl        | 30 +++++-----
 public_html/templates/default/top.tpl         | 16 ++---
 public_html/templates/default/view.tpl        |  4 +-
 public_html/templates/default/viewSearch.tpl  | 60 +++++++++----------
 45 files changed, 242 insertions(+), 242 deletions(-)

diff --git a/public_html/templates/default/LSform.tpl b/public_html/templates/default/LSform.tpl
index 9d943e7f..ae6d2b4d 100644
--- a/public_html/templates/default/LSform.tpl
+++ b/public_html/templates/default/LSform.tpl
@@ -1,46 +1,46 @@
-<form action='{$LSform_action}' method='post' enctype="multipart/form-data" class='LSform'>
+<form action='{$LSform_action|escape:"quotes"}' method='post' enctype="multipart/form-data" class='LSform'>
 {$LSform_header}
 {if $LSform_layout}
   <!-- Tabs - Start Title -->
   <ul class='LSform_layout'>
   {foreach from=$LSform_layout item=tab key=tab_key}
-    <li class='LSform_layout' id='LSform_layout_btn_{$tab_key}'><a href="#{$tab_key}">{tr msg=$tab.label}</a></li>
+    <li class='LSform_layout' id='LSform_layout_btn_{$tab_key|escape:"quotes"}'><a href='#{$tab_key|escape:"quotes"}'>{tr msg=$tab.label}</a></li>
   {/foreach}
   </ul>
   <!-- Tabs - End Title -->
 
   <!-- Tabs - Start Content -->
   {foreach from=$LSform_layout item=tab key=tab_key}
-    <a name='{$tab_key}'></a>
+    <a name='{$tab_key|escape:'quotes'}'></a>
     <h2 class='LSform_layout'>{tr msg=$tab.label}</h2>
-    <div class='LSform LSform_layout' id='LSform_layout_div_{$tab_key}'>
+    <div class='LSform LSform_layout' id='LSform_layout_div_{$tab_key|escape:'quotes'}'>
       {if $LSformElement_image!='' && $tab.img==1}
       <div class='LSformElement_image{if $LSformElement_image_errors} LSformElement_image_errors{/if}'>
         {if $LSformElement_image_actions!='' && !$LSformElement_image_errors}
         <ul class='LSformElement_image_actions'>
-            <li><img src='{img name="zoom"}' class='LSformElement_image_actions LSformElement_image_action_zoom' id='LSformElement_image_action_zoom_{$LSformElement_image.id}' /></li>
+            <li><img src='{img name="zoom"}' class='LSformElement_image_actions LSformElement_image_action_zoom' id='LSformElement_image_action_zoom_{$LSformElement_image.id|escape:'quotes'}' /></li>
           {foreach from=$LSformElement_image_actions item=item}
-            <li><img src='{img name=$item}' class='LSformElement_image_actions LSformElement_image_action_{$item}' id='LSformElement_image_action_{$item}_{$LSformElement_image.id}' /></li>
+            <li><img src='{img name=$item}' class='LSformElement_image_actions LSformElement_image_action_{$item|escape:'quotes'}' id='LSformElement_image_action_{$item|escape:'quotes'}_{$LSformElement_image.id|escape:'quotes'}' /></li>
           {/foreach}
         </ul>
         {/if}
-        <img src='{$LSformElement_image.img}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id}' />
+        <img src='{$LSformElement_image.img|escape:'quotes'}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id|escape:'quotes'}' />
       </div>
       {/if}
       
       <dl class='LSform'>
         {foreach from=$tab.args item=arg}
           {if $LSform_fields[$arg]}
-            <dt class='LSform{if $LSform_fields[$arg].errors != ''} LSform-errors{/if}'>{$LSform_fields[$arg].label}{if $LSform_fields[$arg].required} *{/if}{if $LSform_fields[$arg].help_info!=""} <img class='LStips' src="{img name='help'}" alt='?' title="{$LSform_fields[$arg].help_info}"/>{/if}</dt>
+            <dt class='LSform{if $LSform_fields[$arg].errors != ''} LSform-errors{/if}'>{$LSform_fields[$arg].label}{if $LSform_fields[$arg].required} *{/if}{if $LSform_fields[$arg].help_info!=""} <img class='LStips' src="{img name='help'}" alt='?' title='{$LSform_fields[$arg].help_info|escape:'quotes'}'/>{/if}</dt>
             <dd class='LSform'>{$LSform_fields[$arg].html}{if $LSform_fields[$arg].add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
             {if $LSform_fields[$arg].errors != ''}
               {foreach from=$LSform_fields[$arg].errors item=error}
-              <dd class='LSform LSform-errors'>{$error}</dd>
+              <dd class='LSform LSform-errors'>{$error|escape:'htmlall'}</dd>
               {/foreach}
             {/if}
           {/if}
         {/foreach}
-        <dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
+        <dd class='LSform'><input type='submit' value='{$LSform_submittxt|escape:'quotes'}' class='LSform' /></dd>
       </dl>
       
     </div>
@@ -51,28 +51,28 @@
     <div class='LSformElement_image{if $LSformElement_image_errors} LSformElement_image_errors{/if}'>
       {if $LSformElement_image_actions!='' && !$LSformElement_image_errors}
       <ul class='LSformElement_image_actions'>
-          <li><img src='{img name='zoom'}' class='LSformElement_image_actions LSformElement_image_action_zoom' id='LSformElement_image_action_zoom_{$LSformElement_image.id}' /></li>
+          <li><img src='{img name='zoom'}' class='LSformElement_image_actions LSformElement_image_action_zoom' id='LSformElement_image_action_zoom_{$LSformElement_image.id|escape:'quotes'}' /></li>
         {foreach from=$LSformElement_image_actions item=item}
-          <li><img src='{img name=$item}' class='LSformElement_image_actions LSformElement_image_action_{$item}' id='LSformElement_image_action_{$item}_{$LSformElement_image.id}' /></li>
+          <li><img src='{img name=$item}' class='LSformElement_image_actions LSformElement_image_action_{$item|escape:'quotes'}' id='LSformElement_image_action_{$item|escape:'quotes'}_{$LSformElement_image.id|escape:'quotes'}' /></li>
         {/foreach}
       </ul>
       {/if}
-      <img src='{$LSformElement_image.img}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id}' />
+      <img src='{$LSformElement_image.img|escape:'quotes'}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id|escape:'quotes'}' />
     </div>
   {/if}
   
   <div class='LSform'>
     <dl class='LSform'>
       {foreach from=$LSform_fields item=field}
-      <dt class='LSform{if $field.errors != ''} LSform-errors{/if}'>{$field.label}{if $field.required} *{/if}{if $field.help_info!=""} <img class='LStips' src="{img name='help'}" alt='?' title="{$field.help_info}"/>{/if}</dt>
+      <dt class='LSform{if $field.errors != ''} LSform-errors{/if}'>{$field.label}{if $field.required} *{/if}{if $field.help_info!=""} <img class='LStips' src="{img name='help'}" alt='?' title='{$field.help_info|escape:'quotes'}'/>{/if}</dt>
       <dd class='LSform'>{$field.html}{if $field.add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
       {if $field.errors != ''}
         {foreach from=$field.errors item=error}
-        <dd class='LSform LSform-errors'>{$error}</dd>
+        <dd class='LSform LSform-errors'>{$error|escape:'htmlall'}</dd>
         {/foreach}
       {/if}
       {/foreach}
-      <dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
+      <dd class='LSform'><input type='submit' value='{$LSform_submittxt|escape:"quotes"}' class='LSform' /></dd>
     </dl>
   </div>
   
diff --git a/public_html/templates/default/LSformElement.tpl b/public_html/templates/default/LSformElement.tpl
index 5cd9d850..3b762471 100644
--- a/public_html/templates/default/LSformElement.tpl
+++ b/public_html/templates/default/LSformElement.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform{if $multiple && !$freeze} LSformElement_multiple'{/if}' id='{$attr_name}'>
+<ul class='LSform{if $multiple && !$freeze} LSformElement_multiple'{/if}' id='{$attr_name|escape:"quotes"}'>
   {foreach from=$values item=value}
     <li>{include file="ls:$fieldTemplate"}</li>
   {foreachelse}
diff --git a/public_html/templates/default/LSformElement_boolean_field.tpl b/public_html/templates/default/LSformElement_boolean_field.tpl
index 36a877e3..30bc1678 100644
--- a/public_html/templates/default/LSformElement_boolean_field.tpl
+++ b/public_html/templates/default/LSformElement_boolean_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-{if $value=='yes'}{$yesTxt}{elseif $value=='no'}{$noTxt}{else}{$noValueTxt}{/if}
+{if $value=='yes'}{$yesTxt|escape:"htmlall"}{elseif $value=='no'}{$noTxt|escape:"htmlall"}{else}{$noValueTxt|escape:"htmlall"}{/if}
 {else}
-<input type='radio' value='yes' name='{$attr_name}[0]' {if $value=='yes'}checked="true"{/if} />{$yesTxt} <input type='radio' value='no' name='{$attr_name}[0]' {if $value=='no'}checked="true"{/if} /> {$noTxt}
+<input type='radio' value='yes' name='{$attr_name|escape:"quotes"}[0]' {if $value=='yes'}checked="true"{/if} />{$yesTxt|escape:"htmlall"} <input type='radio' value='no' name='{$attr_name|escape:"quotes"}[0]' {if $value=='no'}checked="true"{/if} /> {$noTxt|escape:"htmlall"}
 {/if}
diff --git a/public_html/templates/default/LSformElement_date_field.tpl b/public_html/templates/default/LSformElement_date_field.tpl
index d2ffd173..018138bd 100644
--- a/public_html/templates/default/LSformElement_date_field.tpl
+++ b/public_html/templates/default/LSformElement_date_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-  {if $value}{$value}{else}{$noValueTxt}{/if}
+  {if $value}{$value|escape:"htmlall"}{else}{$noValueTxt|escape:"htmlall"}{/if}
 {else}
-  <input type='text' name='{$attr_name}[]' value="{$value}" class='LSformElement_date' autocomplete="off">
+  <input type='text' name='{$attr_name|escape:"quotes"}[]' value='{$value|escape:'quotes'}' class='LSformElement_date' autocomplete="off">
 {/if}
diff --git a/public_html/templates/default/LSformElement_field.tpl b/public_html/templates/default/LSformElement_field.tpl
index 00604059..219c552d 100644
--- a/public_html/templates/default/LSformElement_field.tpl
+++ b/public_html/templates/default/LSformElement_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-{if $value}{$value}{else}{$noValueTxt}{/if}
+{if $value}{$value|escape:"htmlall"}{else}{$noValueTxt|escape:"htmlall"}{/if}
 {else}
-<input type='text' name='{$attr_name}[]' value="{$value}" autocomplete="off"/>
+<input type='text' name='{$attr_name|escape:"quotes"}[]' value='{$value|escape:"quotes"}' autocomplete="off"/>
 {/if}
diff --git a/public_html/templates/default/LSformElement_image_field.tpl b/public_html/templates/default/LSformElement_image_field.tpl
index 5ce43646..e6cc36f2 100644
--- a/public_html/templates/default/LSformElement_image_field.tpl
+++ b/public_html/templates/default/LSformElement_image_field.tpl
@@ -1,3 +1,3 @@
 {if !$freeze}
-  <input type='file' name='{$attr_name}' class='LSform' id='{$id}' />
+  <input type='file' name='{$attr_name|escape:"quotes"}' class='LSform' id='{$id|escape:"quotes"}' />
 {/if}
diff --git a/public_html/templates/default/LSformElement_jsonCompositeAttribute.tpl b/public_html/templates/default/LSformElement_jsonCompositeAttribute.tpl
index 7c1cccd9..8a5f3d8a 100644
--- a/public_html/templates/default/LSformElement_jsonCompositeAttribute.tpl
+++ b/public_html/templates/default/LSformElement_jsonCompositeAttribute.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_jsonCompositeAttribute' id='{$attr_name}' data-fieldType="{$fieldType}">
+<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_jsonCompositeAttribute' id='{$attr_name|escape:"quotes"}' data-fieldType='{$fieldType|escape:"quotes"}'>
 	{foreach from=$parseValues item=parseValue}
 	  <li>{include file="ls:$fieldTemplate"}</li>
 	{foreachelse}
diff --git a/public_html/templates/default/LSformElement_jsonCompositeAttribute_field.tpl b/public_html/templates/default/LSformElement_jsonCompositeAttribute_field.tpl
index 8b58d99e..0c8d92e7 100644
--- a/public_html/templates/default/LSformElement_jsonCompositeAttribute_field.tpl
+++ b/public_html/templates/default/LSformElement_jsonCompositeAttribute_field.tpl
@@ -7,33 +7,33 @@
 		<ul>
 		{if $cconf.multiple && is_array($parseValue[$c])}
 			{foreach from=$parseValue[$c] item=cval}
-				<li><span title="{$cval.value}">{$cval.translated}</span></li>
+				<li><span title='{$cval.value|escape:"quotes"}'>{$cval.translated|escape:"htmlall"}</span></li>
 			{/foreach}
 		{else}
-			<li><span title="{$parseValue[$c].value}">{$parseValue[$c].translated}</span></li>
+			<li><span title='{$parseValue[$c].value|escape:"htmlall"}'>{$parseValue[$c].translated|escape:"htmlall"}</span></li>
 		{/if}
 		</ul>
     </div>
   {/foreach}
   {else}
-  {$noValueTxt}
+  {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
   {uniqid var="uuid"}
-  <input type='hidden' name="{$attr_name}__values_uuid[]" value="{$uuid}" />
+  <input type='hidden' name='{$attr_name|escape:"quotes"}__values_uuid[]' value='{$uuid|escape:"quotes"}' />
   {foreach from=$components key=c item=cconf name=components}
-    <div data-component="{$c}" data-uuid="{$uuid}">
+    <div data-component='{$c|escape:"quotes"}' data-uuid='{$uuid|escape:"quotes"}'>
 		<label>
 			{tr msg=$cconf.label}{if $cconf.required}*{/if}
-			{if $cconf.help_info}<img class='LStips' src="{img name='help'}" alt='?' title="{$cconf.help_info}"/>{/if}
+			{if $cconf.help_info}<img class='LStips' src="{img name='help'}" alt='?' title='{$cconf.help_info|escape:"quotes"}'/>{/if}
 			:
 		</label>
 		{if $cconf.type=='select_list'}
-			<select name='{$attr_name}__{$c}__{$uuid}[]' {if $cconf.multiple}multiple{/if}>
+			<select name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}__{$uuid|escape:"quotes"}[]' {if $cconf.multiple}multiple{/if}>
 				{foreach from=$cconf.possible_values key=key item=label}
 					{if is_array($label)}
 						{if count($label.possible_values)>0}
-						<optgroup label="{$label.label}">
+						<optgroup label='{$label.label|escape:"quotes"}'>
 							{if $cconf.multiple && is_array($parseValue[$c])}
 								{html_options options=$label.possible_values selected=$parseValue[$c]}
 							{else}
@@ -52,7 +52,7 @@
 								{assign var="selected" value=1}
 							{/if}
 						{/if}
-						<option value="{$key}" {if $selected == 1}selected{/if}>{$label}</option>
+						<option value='{$key|escape:"quotes"}' {if $selected == 1}selected{/if}>{$label|escape:"htmlall"}</option>
 					{/if}
 				{/foreach}
 			</select>
@@ -60,12 +60,12 @@
 			<ul>
 			{if $cconf.multiple && is_array($parseValue[$c])}
 				{foreach from=$parseValue[$c] item=cval}
-				<li><input type='text' name='{$attr_name}__{$c}__{$uuid}[]' value='{$cval.value|escape:"quotes"}'/></li>
+				<li><input type='text' name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}__{$uuid|escape:"quotes"}[]' value='{$cval.value|escape:"quotes"}'/></li>
 				{foreachelse}
-				<li><input type='text' name='{$attr_name}__{$c}__{$uuid}[]' value=''/></li>
+				<li><input type='text' name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}__{$uuid|escape:"quotes"}[]' value=''/></li>
 				{/foreach}
 			{else}
-				<li><input type='text' name='{$attr_name}__{$c}__{$uuid}[]' value='{if $parseValue and $parseValue[$c]}{$parseValue[$c].value|escape:"quotes"}{/if}'/></li>
+				<li><input type='text' name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}__{$uuid|escape:"quotes"}[]' value='{if $parseValue and $parseValue[$c]}{$parseValue[$c].value|escape:"quotes"}{/if}'/></li>
 			{/if}
 			</ul>
 		{/if}
diff --git a/public_html/templates/default/LSformElement_labeledValue.tpl b/public_html/templates/default/LSformElement_labeledValue.tpl
index 40a75c60..45ffa1d8 100644
--- a/public_html/templates/default/LSformElement_labeledValue.tpl
+++ b/public_html/templates/default/LSformElement_labeledValue.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_labeledValue' id='{$attr_name}' data-fieldType="{$fieldType}">
+<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_labeledValue' id='{$attr_name|escape:"quotes"}' data-fieldType='{$fieldType|escape:"quotes"}'>
 	{foreach from=$parseValues item=parseValue}
 	  <li>{include file="ls:$fieldTemplate"}</li>
 	{foreachelse}
diff --git a/public_html/templates/default/LSformElement_labeledValue_field.tpl b/public_html/templates/default/LSformElement_labeledValue_field.tpl
index e920c708..3c210fec 100644
--- a/public_html/templates/default/LSformElement_labeledValue_field.tpl
+++ b/public_html/templates/default/LSformElement_labeledValue_field.tpl
@@ -2,20 +2,20 @@
   {if isset($parseValue)}
     {if $parseValue.label}
       {if $parseValue.translated_label}
-        <span title='[{$parseValue.label|escape:'quotes'}]'>{$parseValue.translated_label}</span>
+        <span title='[{$parseValue.label|escape:'htmlall'}]'>{$parseValue.translated_label|escape:"htmlall"}</span>
       {else}
-        <span>{$parseValue.label} {$unrecognizedLabelTxt}</span>
+        <span>{$parseValue.label|escape:"htmlall"} {$unrecognizedLabelTxt|escape:"htmlall"}</span>
       {/if}
-      : <span>{$parseValue.value}</span>
+      : <span>{$parseValue.value|escape:"htmlall"}</span>
     {else}
-      <span>{$parseValue.raw_value}</span> {$unrecognizedValueTxt}
+      <span>{$parseValue.raw_value|escape:"htmlall"}</span> {$unrecognizedValueTxt|escape:"htmlall"}
     {/if}
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
-  <select name='{$attr_name}_labels[]' class='LSformElement_labeledValue'>
+  <select name='{$attr_name|escape:"quotes"}_labels[]' class='LSformElement_labeledValue'>
     {html_options options=$labels selected=$parseValue.label}
   </select>
-  <input type="text" name='{$attr_name}_values[]' class='LSformElement_labeledValue' value='{if $parseValue.value}{$parseValue.value|escape:'quotes'}{else}{$parseValue.raw_value|escape:'quotes'}{/if}'/>
+  <input type="text" name='{$attr_name|escape:"quotes"}_values[]' class='LSformElement_labeledValue' value='{if $parseValue.value}{$parseValue.value|escape:'quotes'}{else}{$parseValue.raw_value|escape:'quotes'}{/if}'/>
 {/if}
diff --git a/public_html/templates/default/LSformElement_mailQuota_field.tpl b/public_html/templates/default/LSformElement_mailQuota_field.tpl
index edae538e..fa54fa8d 100644
--- a/public_html/templates/default/LSformElement_mailQuota_field.tpl
+++ b/public_html/templates/default/LSformElement_mailQuota_field.tpl
@@ -3,17 +3,17 @@
     {if $quotas[$value].unknown}
       <span class='LSformElement_mailQuota_unknown'>Valeur incorrecte</span>
     {else}
-      {$quotas[$value].valueTxt}
+      {$quotas[$value].valueTxt|escape:"htmlall"}
     {/if}
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
-  <input name='{$attr_name}_size[]' type=text class='LSformElement_mailQuota' value="{$quotas[$value].valueSize}"/>
-  <select name='{$attr_name}_sizeFact[]' class='LSform LSformElement_mailQuota'>
+  <input name='{$attr_name|escape:"quotes"}_size[]' type=text class='LSformElement_mailQuota' value='{$quotas[$value].valueSize|escape:"quotes"}'/>
+  <select name='{$attr_name|escape:"quotes"}_sizeFact[]' class='LSform LSformElement_mailQuota'>
     {html_options options=$sizeFacts selected=$quotas[$value].valueSizeFact}
   </select>
   {if $quotas[$value].unknown}
-    <span class='LSformElement_mailQuota_unknown'>Valeur incorrecte</span>
+    <span class='LSformElement_mailQuota_unknown'>{tr msg="Incorrect value"}</span>
   {/if}
 {/if}
diff --git a/public_html/templates/default/LSformElement_maildir_field.tpl b/public_html/templates/default/LSformElement_maildir_field.tpl
index 2c5cd30e..f02bd244 100644
--- a/public_html/templates/default/LSformElement_maildir_field.tpl
+++ b/public_html/templates/default/LSformElement_maildir_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-<span class='LSformElement_text LSformElement_maildir'>{if $value}{$value}{else}{$noValueTxt}{/if}</span><input type='hidden' name='{$attr_name}[]' class='LSformElement_text LSformElement_maildir' value="{$value}"/>
+<span class='LSformElement_text LSformElement_maildir'>{if $value}{$value|escape:"htmlall"}{else}{$noValueTxt|escape:"htmlall"}{/if}</span><input type='hidden' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text LSformElement_maildir' value='{$value|escape:"quotes"}'/>
 {else}
-<input type='text' name='{$attr_name}[]' class='LSformElement_text LSformElement_maildir' value="{$value}" autocomplete="off"/>
+<input type='text' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text LSformElement_maildir' value='{$value|escape:"quotes"}' autocomplete="off"/>
 {/if}
diff --git a/public_html/templates/default/LSformElement_password.tpl b/public_html/templates/default/LSformElement_password.tpl
index 5e8110aa..8f86afcd 100644
--- a/public_html/templates/default/LSformElement_password.tpl
+++ b/public_html/templates/default/LSformElement_password.tpl
@@ -1,3 +1,3 @@
-<ul class='LSform' id='{$attr_name}'>
+<ul class='LSform' id='{$attr_name|escape:"quotes"}'>
   <li>{include file="ls:$fieldTemplate"}</li>
 </ul>
diff --git a/public_html/templates/default/LSformElement_password_field.tpl b/public_html/templates/default/LSformElement_password_field.tpl
index d94ae051..cc140d86 100644
--- a/public_html/templates/default/LSformElement_password_field.tpl
+++ b/public_html/templates/default/LSformElement_password_field.tpl
@@ -1,13 +1,13 @@
 {if $freeze}
 {if $clearView}
-{$pwd}
+{$pwd|escape:"htmlall"}
 {else}
 ********
 {/if}
 {else}
 {if $clearEdit}
-<input type='text' name='{$attr_name}[]' value="{$pwd}" class='LSformElement_password' autocomplete="off"/>
+<input type='text' name='{$attr_name|escape:"quotes"}[]' value='{$pwd|escape:"quotes"}' class='LSformElement_password' autocomplete="off"/>
 {else}
-<input type='password' name='{$attr_name}[]' value="{$pwd}" class='LSformElement_password' autocomplete="off"/>
+<input type='password' name='{$attr_name|escape:"quotes"}[]' value='{$pwd|escape:"quotes"}' class='LSformElement_password' autocomplete="off"/>
 {/if}
 {/if}
diff --git a/public_html/templates/default/LSformElement_quota_field.tpl b/public_html/templates/default/LSformElement_quota_field.tpl
index c7afd21b..4da4f767 100644
--- a/public_html/templates/default/LSformElement_quota_field.tpl
+++ b/public_html/templates/default/LSformElement_quota_field.tpl
@@ -1,19 +1,19 @@
 {if $freeze}
   {if $value}
     {if $quotas[$value].unknown}
-      <span class='LSformElement_quota_unknown'>{$quotas[$value].unknown}</span>
+      <span class='LSformElement_quota_unknown'>{$quotas[$value].unknown|escape:"htmlall"}</span>
     {else}
-      {$quotas[$value].valueTxt}
+      {$quotas[$value].valueTxt|escape:"htmlall"}
     {/if}
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
-  <input name='{$attr_name}_size[]' type=text class='LSformElement_quota' value="{$quotas[$value].valueSize}"/>
-  <select name='{$attr_name}_sizeFact[]' class='LSform LSformElement_quota'>
+  <input name='{$attr_name|escape:"quotes"}_size[]' type=text class='LSformElement_quota' value='{$quotas[$value].valueSize|escape:"quotes"}'/>
+  <select name='{$attr_name|escape:"quotes"}_sizeFact[]' class='LSform LSformElement_quota'>
     {html_options options=$sizeFacts selected=$quotas[$value].valueSizeFact}
   </select>
   {if $quotas[$value].unknown}
-    <span class='LSformElement_quota_unknown'>{$quotas[$value].unknown}</span>
+    <span class='LSformElement_quota_unknown'>{$quotas[$value].unknown|escape:"htmlall"}</span>
   {/if}
 {/if}
diff --git a/public_html/templates/default/LSformElement_select.tpl b/public_html/templates/default/LSformElement_select.tpl
index 0fbbbda7..a303215a 100644
--- a/public_html/templates/default/LSformElement_select.tpl
+++ b/public_html/templates/default/LSformElement_select.tpl
@@ -1,27 +1,27 @@
-<ul class='LSform' id='{$attr_name}'>
+<ul class='LSform' id='{$attr_name|escape:"quotes"}'>
 {if $freeze}
   {foreach from=$values item=value}
     {LSformElement_select_checkIsValidValue value=$value possible_values=$possible_values}
     {if $LSformElement_select_isValidValue}
-    <li>{$LSformElement_select_isValidValue_label}</li>
+    <li>{$LSformElement_select_isValidValue_label|escape:"htmlall"}</li>
     {else}
     <li class='LSform-errors'>{getFData format=$unrecognized_value_label_format data=$value}</li>
     {/if}
   {foreachelse}
-    <li>{$noValueTxt}</li>
+    <li>{$noValueTxt|escape:"htmlall"}</li>
   {/foreach}
 {else}
   <li>
-    <select name='{$attr_name}[]' {if $multiple}multiple{/if} class='LSformElement_select'>
+    <select name='{$attr_name|escape:"quotes"}[]' {if $multiple}multiple{/if} class='LSformElement_select'>
       {foreach from=$possible_values key=key item=label}
         {if is_array($label)}
           {if count($label.possible_values)>0}
-          <optgroup label="{$label.label}">
+          <optgroup label='{$label.label|escape:"quotes"}'>
             {html_options options=$label.possible_values selected=$values}
           </optgroup>
           {/if}
         {else}
-          <option value="{$key}" {if in_array($key,$values)}selected{/if}>{$label}</option>
+          <option value='{$key|escape:"quotes"}' {if in_array($key,$values)}selected{/if}>{$label|escape:"htmlall"}</option>
         {/if}
       {/foreach}
     </select>
diff --git a/public_html/templates/default/LSformElement_select_box.tpl b/public_html/templates/default/LSformElement_select_box.tpl
index 2a4720d9..250a70cd 100644
--- a/public_html/templates/default/LSformElement_select_box.tpl
+++ b/public_html/templates/default/LSformElement_select_box.tpl
@@ -1,25 +1,25 @@
-<ul class='LSform' id='{$attr_name}'>
+<ul class='LSform' id='{$attr_name|escape:"quotes"}'>
 {if $freeze}
   {foreach from=$values item=value}
     {LSformElement_select_checkIsValidValue value=$value possible_values=$possible_values}
     {if $LSformElement_select_isValidValue}
-    <li>{$LSformElement_select_isValidValue_label}</li>
+    <li>{$LSformElement_select_isValidValue_label|escape:"htmlall"}</li>
     {else}
     <li class='LSform-errors'>{getFData format=$unrecognized_value_label_format data=$value}</li>
     {/if}
   {foreachelse}
-    <li>{$noValueTxt}</li>
+    <li>{$noValueTxt|escape:"htmlall"}</li>
   {/foreach}
 {else}
     {foreach from=$possible_values item=label key=value name=LSformElement_selectbox}
       {if is_array($label)}
         {if count($label.possible_values)>0}
         <li>
-          <span class='LSformElement_selectbox_sub_values_label'>{$label.label} :</span>
+          <span class='LSformElement_selectbox_sub_values_label'>{$label.label|escape:"htmlall"} :</span>
           <ul class='LSformElement_selectbox_sub_values'>
             {foreach from=$label.possible_values item=l key=v name=LSformElement_selectbox_sub_values}
               <li>
-                <input type='{if $multiple}checkbox{else}radio{/if}' name='{$attr_name}[]' class='LSformElement_selectbox' id='LSformElement_selectbox_{$attr_name}_{$smarty.foreach.LSformElement_selectbox.index}_{$smarty.foreach.LSformElement_selectbox_sub_values.index}' value="{$v}" {if in_array($v,$values)}checked{/if}/> <label for='LSformElement_selectbox_{$attr_name}_{$smarty.foreach.LSformElement_selectbox.index}_{$smarty.foreach.LSformElement_selectbox_sub_values.index}'>{tr msg=$l}</label>
+                <input type='{if $multiple}checkbox{else}radio{/if}' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_selectbox' id='LSformElement_selectbox_{$attr_name|escape:"quotes"}_{$smarty.foreach.LSformElement_selectbox.index}_{$smarty.foreach.LSformElement_selectbox_sub_values.index}' value='{$v|escape:"quotes"}' {if in_array($v,$values)}checked{/if}/> <label for='LSformElement_selectbox_{$attr_name|escape:"quotes"}_{$smarty.foreach.LSformElement_selectbox.index}_{$smarty.foreach.LSformElement_selectbox_sub_values.index}'>{tr msg=$l}</label>
               </li>
             {/foreach}
           </ul>
@@ -27,7 +27,7 @@
         {/if}
       {else}
         <li>
-          <input type='{if $multiple}checkbox{else}radio{/if}' name='{$attr_name}[]' class='LSformElement_selectbox' id='LSformElement_selectbox_{$attr_name}_{$smarty.foreach.LSformElement_selectbox.index}' value="{$value}" {if in_array($value,$values)}checked{/if}/> <label for='LSformElement_selectbox_{$attr_name}_{$smarty.foreach.LSformElement_selectbox.index}'>{tr msg=$label}</label>
+          <input type='{if $multiple}checkbox{else}radio{/if}' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_selectbox' id='LSformElement_selectbox_{$attr_name|escape:"quotes"}_{$smarty.foreach.LSformElement_selectbox.index}' value='{$value|escape:"quotes"}' {if in_array($value,$values)}checked{/if}/> <label for='LSformElement_selectbox_{$attr_name|escape:"quotes"}_{$smarty.foreach.LSformElement_selectbox.index}'>{tr msg=$label}</label>
         </li>
       {/if}
     {/foreach}
diff --git a/public_html/templates/default/LSformElement_select_object.tpl b/public_html/templates/default/LSformElement_select_object.tpl
index 92fa3f05..59f922f7 100644
--- a/public_html/templates/default/LSformElement_select_object.tpl
+++ b/public_html/templates/default/LSformElement_select_object.tpl
@@ -3,7 +3,7 @@
   <tr class='LSformElement_select_object_searchAdd'>
     <td class='LSformElement_select_object_searchAdd'>
 {/if}
-      <ul class='LSform LSformElement_select_object' id='{$attr_name}'>
+      <ul class='LSform LSformElement_select_object' id='{$attr_name|escape:"quotes"}'>
         {foreach from=$values item=txt key=dn}
           <li>{include file="ls:$fieldTemplate"}</li>
         {foreachelse}
diff --git a/public_html/templates/default/LSformElement_select_object_field.tpl b/public_html/templates/default/LSformElement_select_object_field.tpl
index f132dd72..2970e440 100644
--- a/public_html/templates/default/LSformElement_select_object_field.tpl
+++ b/public_html/templates/default/LSformElement_select_object_field.tpl
@@ -1,6 +1,6 @@
 {if $dn}
-  <a href='view.php?LSobject={$selectableObject}&amp;dn={$dn|escape:'url'}' class='LSformElement_select_object'>{$txt}</a>
-  {if !$freeze}<input type='hidden' class='LSformElement_select_object' name='{$attr_name}[]' value='{$dn}' />{/if}
+  <a href='view.php?LSobject={$selectableObject|escape:"url"}&amp;dn={$dn|escape:'url'}' class='LSformElement_select_object'>{$txt|escape:"htmlall"}</a>
+  {if !$freeze}<input type='hidden' class='LSformElement_select_object' name='{$attr_name|escape:"quotes"}[]' value='{$dn|escape:"quotes"}' />{/if}
 {else}
-  {$noValueTxt}
+  {$noValueTxt|escape:"htmlall"}
 {/if}
diff --git a/public_html/templates/default/LSformElement_ssh_key.tpl b/public_html/templates/default/LSformElement_ssh_key.tpl
index eac135be..cebea848 100644
--- a/public_html/templates/default/LSformElement_ssh_key.tpl
+++ b/public_html/templates/default/LSformElement_ssh_key.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform{if $multiple && !$freeze} LSformElement_multiple'{/if}' id='{$attr_name}'>
+<ul class='LSform{if $multiple && !$freeze} LSformElement_multiple'{/if}' id='{$attr_name|escape:"quotes"}'>
   {foreach from=$values_txt item=value}
     <li>{include file="ls:$fieldTemplate"}</li>
   {foreachelse}
diff --git a/public_html/templates/default/LSformElement_ssh_key_field.tpl b/public_html/templates/default/LSformElement_ssh_key_field.tpl
index 6a4cef82..9f702bcc 100644
--- a/public_html/templates/default/LSformElement_ssh_key_field.tpl
+++ b/public_html/templates/default/LSformElement_ssh_key_field.tpl
@@ -1,11 +1,11 @@
 {if $freeze}
   {if $value.type}
-    <span class='LSformElement_ssh_key_short_display' title='{$span_title}'>{$value.shortTxt}...</span> (Type : {$value.type}) <a href='mailto:{$value.mail}'>{$value.mail}</a><p class='LSformElement_ssh_key_value'>{$value.value}</p>
+    <span class='LSformElement_ssh_key_short_display' title='{$span_title|escape:"htmlall"}'>{$value.shortTxt|escape:"htmlall"}...</span> (Type : {$value.type|escape:"htmlall"}) <a href='mailto:{$value.mail|escape:"quotes"}'>{$value.mail|escape:"htmlall"}</a><p class='LSformElement_ssh_key_value'>{$value.value|escape:"htmlall"}</p>
   {elseif $value.shortTxt}
-    <span class='LSformElement_ssh_key_short_display'>{$value.shortTxt}...</span> ({$unknowTypeTxt})<p class='LSformElement_ssh_key_value'>{$value.value}</p>
+    <span class='LSformElement_ssh_key_short_display'>{$value.shortTxt|escape:"htmlall"}...</span> ({$unknowTypeTxt|escape:"htmlall"})<p class='LSformElement_ssh_key_value'>{$value.value|escape:"htmlall"}</p>
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
-  <textarea name='{$attr_name}[]' class='LSform LSformElement_ssh_key'>{$value}</textarea>
+  <textarea name='{$attr_name|escape:"quotes"}[]' class='LSform LSformElement_ssh_key'>{$value|escape:"htmlall"}</textarea>
 {/if}
diff --git a/public_html/templates/default/LSformElement_supannCompositeAttribute.tpl b/public_html/templates/default/LSformElement_supannCompositeAttribute.tpl
index 204c926a..ad01b778 100644
--- a/public_html/templates/default/LSformElement_supannCompositeAttribute.tpl
+++ b/public_html/templates/default/LSformElement_supannCompositeAttribute.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_supannCompositeAttribute' id='{$attr_name}' data-fieldType="{$fieldType}">
+<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_supannCompositeAttribute' id='{$attr_name|escape:"quotes"}' data-fieldType='{$fieldType|escape:"quotes"}'>
 	{foreach from=$parseValues item=parseValue}
 	  <li>{include file="ls:$fieldTemplate"}</li>
 	{foreachelse}
diff --git a/public_html/templates/default/LSformElement_supannCompositeAttribute_field.tpl b/public_html/templates/default/LSformElement_supannCompositeAttribute_field.tpl
index 3a6713e8..98ced4e9 100644
--- a/public_html/templates/default/LSformElement_supannCompositeAttribute_field.tpl
+++ b/public_html/templates/default/LSformElement_supannCompositeAttribute_field.tpl
@@ -6,31 +6,31 @@
 		<label>{tr msg=$cconf.label} : </label>
 		{if !empty($parseValue[$c].label) and $parseValue[$c].label!='no'}
 			{assign var=clabel value=$parseValue[$c].label}
-			<img src='{img name="supann_label_$clabel"}' alt='[{$clabel}]' title='{$clabel}'/>
+			<img src='{img name="supann_label_$clabel"}' alt='[{$clabel|escape:"htmlall"}]' title='{$clabel|escape:"htmlall"}'/>
 		{/if}
-		<span title="{$parseValue[$c].value}">{$parseValue[$c].translated}</span>
+		<span title='{$parseValue[$c].value|escape:"htmlall"}'>{$parseValue[$c].translated|escape:"htmlall"}</span>
     </p>
   {/foreach}
   {else}
-  {$noValueTxt}
+  {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
   {foreach $components as $c => $cconf}
-    <p data-component="{$c}">
+    <p data-component='{$c|escape:"quotes"}'>
 		<label>{tr msg=$cconf.label}{if $cconf.required}*{/if}  :</label>
 		{if $cconf.type=='table' or $cconf.type=='codeEntite'}
-			<input type='hidden' name='{$attr_name}__{$c}[]' value="{if $parseValue and $parseValue[$c]}{$parseValue[$c].value}{/if}"/>
+			<input type='hidden' name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}[]' value='{if $parseValue and $parseValue[$c]}{$parseValue[$c].value|escape:"quotes"}{/if}'/>
 			{if $parseValue and !empty($parseValue[$c].label) and $parseValue[$c].label!='no'}
 				{assign var=clabel value=$parseValue[$c].label}
-				<img src='{img name="supann_label_$clabel"}' alt='[{$clabel}]' title='{$clabel}'/>
+				<img src='{img name="supann_label_$clabel"}' alt='[{$clabel|escape:"htmlall"}]' title='{$clabel|escape:"htmlall"}'/>
 			{/if}
 			{if $parseValue}
-				<span title="{$parseValue[$c].value}">{$parseValue[$c].translated}</span>
+				<span title='{$parseValue[$c].value|escape:"htmlall"}'>{$parseValue[$c].translated|escape:"htmlall"}</span>
 			{else}
-				<span>{$noValueTxt}</span>
+				<span>{$noValueTxt|escape:"htmlall"}</span>
 			{/if}
 		{else}
-			<input type='text' name='{$attr_name}__{$c}[]' value="{if $parseValue and $parseValue[$c]}{$parseValue[$c].value}{/if}"/>
+			<input type='text' name='{$attr_name|escape:"quotes"}__{$c|escape:"quotes"}[]' value='{if $parseValue and $parseValue[$c]}{$parseValue[$c].value|escape:"htmlall"}{/if}'/>
 		{/if}
     </p>
   {/foreach}
diff --git a/public_html/templates/default/LSformElement_supannLabeledValue.tpl b/public_html/templates/default/LSformElement_supannLabeledValue.tpl
index 77e2d85f..de6be301 100644
--- a/public_html/templates/default/LSformElement_supannLabeledValue.tpl
+++ b/public_html/templates/default/LSformElement_supannLabeledValue.tpl
@@ -1,4 +1,4 @@
-<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_supannLabeledValue' id='{$attr_name}' data-fieldType="{$fieldType}">
+<ul class='LSform {if $multiple && !$freeze} LSformElement_multiple{/if} LSformElement_supannLabeledValue' id='{$attr_name|escape:"quotes"}' data-fieldType='{$fieldType|escape:"quotes"}'>
 	{foreach from=$parseValues item=parseValue}
 	  <li>{include file="ls:$fieldTemplate"}</li>
 	{foreachelse}
diff --git a/public_html/templates/default/LSformElement_supannLabeledValue_field.tpl b/public_html/templates/default/LSformElement_supannLabeledValue_field.tpl
index 3c597ed0..754e0698 100644
--- a/public_html/templates/default/LSformElement_supannLabeledValue_field.tpl
+++ b/public_html/templates/default/LSformElement_supannLabeledValue_field.tpl
@@ -2,21 +2,21 @@
   {if isset($parseValue)}
     {if !empty($parseValue.label) and $parseValue.label!='no'}
       {assign var=clabel value=$parseValue.label}
-      <img src='{img name="supann_label_$clabel"}' alt='[{$clabel}]' title='{$clabel}'/>
+      <img src='{img name="supann_label_$clabel"}' alt='[{$clabel|escape:"htmlall"}]' title='{$clabel|escape:"htmlall"}'/>
     {/if}
-    <span title="{$parseValue.value}">{$parseValue.translated}</span>
+    <span title='{$parseValue.value|escape:"htmlall"}'>{$parseValue.translated|escape:"htmlall"}</span>
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
-  <input type='hidden' name='{$attr_name}[]' value="{if $parseValue}{$parseValue.value}{/if}"/>
+  <input type='hidden' name='{$attr_name|escape:"quotes"}[]' value='{if $parseValue}{$parseValue.value|escape:"quotes"}{/if}'/>
   {if $parseValue and !empty($parseValue.label) and $parseValue.label!='no'}
     {assign var=clabel value=$parseValue.label}
-    <img class='LSformElement_supannLabeledValue_label' src='{img name="supann_label_$clabel"}' alt='[{$clabel}]' title='{$clabel}'/>
+    <img class='LSformElement_supannLabeledValue_label' src='{img name="supann_label_$clabel"}' alt='[{$clabel|escape:"htmlall"}]' title='{$clabel|escape:"htmlall"}'/>
   {/if}
   {if $parseValue}
-    <span title="{$parseValue.value}">{$parseValue.translated}</span>
+    <span title='{$parseValue.value|escape:"htmlall"}'>{$parseValue.translated|escape:"htmlall"}</span>
   {else}
-    <span>{$noValueTxt}</span>
+    <span>{$noValueTxt|escape:"htmlall"}</span>
   {/if}
 {/if}
diff --git a/public_html/templates/default/LSformElement_text_field.tpl b/public_html/templates/default/LSformElement_text_field.tpl
index 5df9fe1a..3b2dfc96 100644
--- a/public_html/templates/default/LSformElement_text_field.tpl
+++ b/public_html/templates/default/LSformElement_text_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-<span class='LSformElement_text'>{if $value}{$value}{else}{$noValueTxt}{/if}</span><input type='hidden' name='{$attr_name}[]' class='LSformElement_text' value="{$value}"/>
+<span class='LSformElement_text'>{if $value}{$value|escape:"htmlall"}{else}{$noValueTxt|escape:"htmlall"}{/if}</span><input type='hidden' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text' value='{$value|escape:"quotes"}'/>
 {else}
-<input type='text' name='{$attr_name}[]' class='LSformElement_text' value="{$value}" autocomplete="off"/>
+<input type='text' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text' value='{$value|escape:"quotes"}' autocomplete="off"/>
 {/if}
diff --git a/public_html/templates/default/LSformElement_textarea_field.tpl b/public_html/templates/default/LSformElement_textarea_field.tpl
index d5bc82bb..50ebdc4f 100644
--- a/public_html/templates/default/LSformElement_textarea_field.tpl
+++ b/public_html/templates/default/LSformElement_textarea_field.tpl
@@ -1,5 +1,5 @@
 {if $freeze}
-{if $value}<p class='LSformElement_textarea{if $LSformElement_textarea_extra} {$LSformElement_textarea_extra}{/if}'>{$value}</p>{else}{$noValueTxt}{/if}
+{if $value}<p class='LSformElement_textarea{if $LSformElement_textarea_extra} {$LSformElement_textarea_extra|escape:"quotes"}{/if}'>{$value|escape:"htmlall"}</p>{else}{$noValueTxt|escape:"htmlall"}{/if}
 {else}
-<textarea name='{$attr_name}[]' class='LSform{if $LSformElement_textarea_extra} {$LSformElement_textarea_extra}{/if}'>{$value}</textarea>
+<textarea name='{$attr_name|escape:"quotes"}[]' class='LSform{if $LSformElement_textarea_extra} {$LSformElement_textarea_extra|escape:"quotes"}{/if}'>{$value|escape:"htmlall"}</textarea>
 {/if}
diff --git a/public_html/templates/default/LSformElement_uri_field.tpl b/public_html/templates/default/LSformElement_uri_field.tpl
index 5b7d9459..93855c7d 100644
--- a/public_html/templates/default/LSformElement_uri_field.tpl
+++ b/public_html/templates/default/LSformElement_uri_field.tpl
@@ -1,12 +1,12 @@
 {if $freeze}
   <span class='LSformElement_text'>
   {if $value}
-    <a class='{$uriClass}' href='{$uriPrefix}{$value}'{if $uriLinkTitle} title='{$uriLinkTitle}'{/if}{if $uriTarget} target='{$uriTarget}'{/if}>{$value}</a>
+    <a class='{$uriClass|escape:"quotes"}' href='{$uriPrefix|escape:"quotes"}{$value|escape:"quotes"}'{if $uriLinkTitle} title='{$uriLinkTitle|escape:"htmlall"}'{/if}{if $uriTarget} target='{$uriTarget|escape:"quotes"}'{/if}>{$value|escape:"htmlall"}</a>
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
   </span>
-  <input type='hidden' name='{$attr_name}[]' class='LSformElement_text' value="{$value}"/>
+  <input type='hidden' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text' value='{$value|escape:"quotes"}'/>
 {else}
-  <input type='text' name='{$attr_name}[]' class='LSformElement_text {$uriClass}' value="{$value}" autocomplete="off"/>
+  <input type='text' name='{$attr_name|escape:"quotes"}[]' class='LSformElement_text {$uriClass|escape:"quotes"}' value='{$value|escape:"quotes"}' autocomplete="off"/>
 {/if}
diff --git a/public_html/templates/default/LSformElement_valueWithUnit_field.tpl b/public_html/templates/default/LSformElement_valueWithUnit_field.tpl
index cb39e0fd..f871fd7d 100644
--- a/public_html/templates/default/LSformElement_valueWithUnit_field.tpl
+++ b/public_html/templates/default/LSformElement_valueWithUnit_field.tpl
@@ -1,27 +1,27 @@
 {if $freeze}
   {if $value}
     {if $values_and_units[$value].unknown}
-      <span class='LSformElement_valueWithUnit_unknown'>{$values_and_units[$value].unknown}</span>
+      <span class='LSformElement_valueWithUnit_unknown'>{$values_and_units[$value].unknown|escape:"htmlall"}</span>
     {else}
       {if $values_and_units[$value].valueWithUnit}
-        {$values_and_units[$value].valueWithUnit}{$values_and_units[$value].unitLabel}
+        {$values_and_units[$value].valueWithUnit|escape:"htmlall"}{$values_and_units[$value].unitLabel|escape:"htmlall"}
       {else}
-        {$values_and_units[$value].value}
+        {$values_and_units[$value].value|escape:"htmlall"}
       {/if}
     {/if}
   {else}
-    {$noValueTxt}
+    {$noValueTxt|escape:"htmlall"}
   {/if}
 {else}
   {if $values_and_units[$value].valueWithUnit || !$values_and_units[$value]}
-    <input name='{$attr_name}_valueWithUnit[]' type=text class='LSformElement_valueWithUnit' value="{$values_and_units[$value].valueWithUnit}"/>
-    <select name='{$attr_name}_unitFact[]' class='LSform LSformElement_valueWithUnit'>
+    <input name='{$attr_name|escape:"quotes"}_valueWithUnit[]' type=text class='LSformElement_valueWithUnit' value='{$values_and_units[$value].valueWithUnit|escape:"quotes"}'/>
+    <select name='{$attr_name|escape:"quotes"}_unitFact[]' class='LSform LSformElement_valueWithUnit'>
       {html_options options=$units selected=$values_and_units[$value].unitSill}
     </select>
   {else}
-    <input name='{$attr_name}_value[]' type=text class='LSformElement_valueWithUnit' value="{$values_and_units[$value].value}" autocomplete="off"/>
+    <input name='{$attr_name|escape:"quotes"}_value[]' type=text class='LSformElement_valueWithUnit' value='{$values_and_units[$value].value|escape:"quotes"}' autocomplete="off"/>
   {/if}
   {if $values_and_units[$value].unknown}
-    <span class='LSformElement_valueWithUnit_unknown'>{$values_and_units[$value].unknown}</span>
+    <span class='LSformElement_valueWithUnit_unknown'>{$values_and_units[$value].unknown|escape:"htmlall"}</span>
   {/if}
 {/if}
diff --git a/public_html/templates/default/LSform_view.tpl b/public_html/templates/default/LSform_view.tpl
index d24a588a..7b1f0c42 100644
--- a/public_html/templates/default/LSform_view.tpl
+++ b/public_html/templates/default/LSform_view.tpl
@@ -1,23 +1,23 @@
-<input type='hidden' name='LSform_objecttype' id='LSform_objecttype'  value='{$LSform_object.type}'/>
-<input type='hidden' name='LSform_objectdn' id='LSform_objectdn'  value='{$LSform_object.dn}'/>
+<input type='hidden' name='LSform_objecttype' id='LSform_objecttype'  value='{$LSform_object.type|escape:"quotes"}'/>
+<input type='hidden' name='LSform_objectdn' id='LSform_objectdn'  value='{$LSform_object.dn|escape:"quotes"}'/>
 {if $LSform_layout}
   <!-- Tabs - Start Title -->
   <ul class='LSform_layout'>
   {foreach from=$LSform_layout item=tab key=tab_key}
-    <li class='LSform_layout' id='LSform_layout_btn_{$tab_key}'><a href="#{$tab_key}">{tr msg=$tab.label}</a></li>
+    <li class='LSform_layout' id='LSform_layout_btn_{$tab_key|escape:"quotes"}'><a href='#{$tab_key|escape:"quotes"}'>{tr msg=$tab.label}</a></li>
   {/foreach}
   </ul>
   <!-- Tabs - End Title -->
 
   <!-- Tabs - Start Content -->
   {foreach from=$LSform_layout item=tab key=tab_key}
-    <a name='{$tab_key}'></a>
-    <h2 class='LSform_layout'>{$tab.label}</h2>
-    <div class='LSform LSform_layout' id='LSform_layout_div_{$tab_key}'>
+    <a name='{$tab_key|escape:"quotes"}'></a>
+    <h2 class='LSform_layout'>{$tab.label|escape:"htmlall"}</h2>
+    <div class='LSform LSform_layout' id='LSform_layout_div_{$tab_key|escape:"quotes"}'>
     
       {if $LSformElement_image!='' && $tab.img==1}
         <div class='LSformElement_image'>
-          <a href='{$LSformElement_image.img}' rel='rien ici' title='comment' class='mb'><img src='{$LSformElement_image.img}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id}' /></a>
+          <a href='{$LSformElement_image.img|escape:"quotes"}' rel='rien ici' title='comment' class='mb'><img src='{$LSformElement_image.img|escape:"quotes"}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id|escape:"quotes"}' /></a>
         </div>
       {/if}
       
@@ -26,12 +26,12 @@
         {foreach from=$tab.args item=arg}
           {if $LSform_fields[$arg]}
             {assign var='field' value='oui'}
-            <dt class='LSform'>{$LSform_fields[$arg].label}</dt>
+            <dt class='LSform'>{$LSform_fields[$arg].label|escape:"htmlall"}</dt>
             <dd class='LSform'>{$LSform_fields[$arg].html}</dd>
           {/if}
         {/foreach}
         {if $field=='non'}
-          <dd class='LSform'>{$LSform_layout_nofield_label}</dd>
+          <dd class='LSform'>{$LSform_layout_nofield_label|escape:"htmlall"}</dd>
         {/if}
       </dl>
       
@@ -42,14 +42,14 @@
 
   {if $LSformElement_image!=''}
   <div class='LSformElement_image'>
-    <a href='{$LSformElement_image.img}' rel='rien ici' title='comment' class='mb'><img src='{$LSformElement_image.img}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id}' /></a>
+    <a href='{$LSformElement_image.img|escape:"quotes"}' rel='rien ici' title='comment' class='mb'><img src='{$LSformElement_image.img|escape:"quotes"}' class='LSformElement_image LSsmoothbox' id='LSformElement_image_{$LSformElement_image.id|escape:"quotes"}' /></a>
   </div>
   {/if}
 
   <div class='LSform'>
     <dl class='LSform'>
       {foreach from=$LSform_fields item=field}
-      <dt class='LSform'>{$field.label}</dt>
+      <dt class='LSform'>{$field.label|escape:"htmlall"}</dt>
       <dd class='LSform'>{$field.html}</dd>
       {/foreach}
     </dl>
diff --git a/public_html/templates/default/LSmail.tpl b/public_html/templates/default/LSmail.tpl
index 66bb0023..81c235ba 100644
--- a/public_html/templates/default/LSmail.tpl
+++ b/public_html/templates/default/LSmail.tpl
@@ -1,10 +1,10 @@
-<dl class='LSform{if $LSmail_options.class} {$LSmail_options.class}{/if}'>
+<dl class='LSform{if $LSmail_options.class} {$LSmail_options.class|escape:"quotes"}{/if}'>
   {if $LSmail_options.display_mail_field}
-  <dt class='LSform'>{$LSmail_mail_label}</dt>
+  <dt class='LSform'>{$LSmail_mail_label|escape:"htmlall"}</dt>
   <dd class='LSform'>
     {if $LSmail_mails != ""}
       {if $LSmail_mails|@count==1}
-      <input type='text' name='LSmail_mail' id='LSmail_mail' value='{$LSmail_mails[0]}'/>
+      <input type='text' name='LSmail_mail' id='LSmail_mail' value='{$LSmail_mails[0]|escape:"quotes"}'/>
       {else}
       <select name='LSmail_mail' id='LSmail_mail'>
         {html_options values=$LSmail_mails output=$LSmail_mails}
@@ -15,18 +15,18 @@
     {/if}
   </dd>
   {else}
-    <input type='hidden' name='LSmail_mail' id='LSmail_mail' value='{$LSmail_mails[0]}'/>
+    <input type='hidden' name='LSmail_mail' id='LSmail_mail' value='{$LSmail_mails[0]|escape:"quotes"}'/>
   {/if}
   {if $LSmail_options.display_subject_field}
-  <dt class='LSform'>{$LSmail_subject_label}</dt>
+  <dt class='LSform'>{$LSmail_subject_label|escape:"htmlall"}</dt>
   <dd class='LSform'>
-    <input type='text' name='LSmail_subject' id='LSmail_subject' value="{$LSmail_subject}"/>
+    <input type='text' name='LSmail_subject' id='LSmail_subject' value='{$LSmail_subject|escape:"quotes"}'/>
   </dd>
   {else}
-    <input type='hidden' name='LSmail_subject' id='LSmail_subject' value="{$LSmail_subject}"/>
+    <input type='hidden' name='LSmail_subject' id='LSmail_subject' value='{$LSmail_subject|escape:"quotes"}'/>
   {/if}
-  <dt class='LSform'>{$LSmail_msg_label}</dt>
+  <dt class='LSform'>{$LSmail_msg_label|escape:"htmlall"}</dt>
   <dd class='LSform'>
-    <textarea name='LSmail_msg' id='LSmail_msg'>{$LSmail_msg}</textarea>
+    <textarea name='LSmail_msg' id='LSmail_msg'>{$LSmail_msg|escape:"htmlall"}</textarea>
   </dd>
 </dl>
diff --git a/public_html/templates/default/LSrelations.tpl b/public_html/templates/default/LSrelations.tpl
index c16b3b60..548eca2a 100644
--- a/public_html/templates/default/LSrelations.tpl
+++ b/public_html/templates/default/LSrelations.tpl
@@ -1,15 +1,15 @@
-<h1 id='LSrelation_title_{$item.id}' class='LSrelation'>{$item.label}</h1>
+<h1 id='LSrelation_title_{$item.id|escape:"quotes"}' class='LSrelation'>{$item.label|escape:"htmlall"}</h1>
 {if $item.actions!=''}
   <ul class='LSview-actions'>
   {foreach from=$item.actions item=action}
-    <li class='LSview-actions'><a href='{$action.url}' class='LSview-actions LSrelation_modify' id='{$item.id}'><img src='{img name=$action.action}' alt='{$action.label}' title='{$action.label}' /> {$action.label}</a></li>
+    <li class='LSview-actions'><a href='{$action.url|escape:"quotes"}' class='LSview-actions LSrelation_modify' id='{$item.id|escape:"quotes"}'><img src='{img name=$action.action}' alt='{$action.label|escape:"htmlall"}' title='{$action.label|escape:"htmlall"}' /> {$action.label|escape:"htmlall"}</a></li>
   {/foreach}
   </ul>
 {/if}
-<ul id='LSrelation_ul_{$item.id}' class='LSrelation'>
+<ul id='LSrelation_ul_{$item.id|escape:"quotes"}' class='LSrelation'>
 {foreach from=$item.objectList item=object}
-  <li class='LSrelation'><a href='view.php?LSobject={$item.LSobject}&amp;dn={$object.dn|escape:'url'}' class='LSrelation{if $object.canEdit} LSrelation_editable{/if}' id='LSrelation_{$item.id}_{$object.dn}'>{$object.text}</a></li>
+  <li class='LSrelation'><a href='view.php?LSobject={$item.LSobject|escape:"url"}&amp;dn={$object.dn|escape:'url'}' class='LSrelation{if $object.canEdit} LSrelation_editable{/if}' id='LSrelation_{$item.id|escape:"quotes"}_{$object.dn|escape:"quotes"}'>{$object.text|escape:"htmlall"}</a></li>
 {foreachelse}
-  <li class='LSrelation'>{$item.emptyText}</li>
+  <li class='LSrelation'>{$item.emptyText|escape:"htmlall"}</li>
 {/foreach}
 </ul>
diff --git a/public_html/templates/default/blank.tpl b/public_html/templates/default/blank.tpl
index 95bec16a..d2d94850 100644
--- a/public_html/templates/default/blank.tpl
+++ b/public_html/templates/default/blank.tpl
@@ -3,7 +3,7 @@
 <html>
   <head>
     <meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
-    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle|escape:"htmlall"}{/if}</title>
     <link rel="icon" type="image/png" href="images/default/favicon.png" />
     <link rel="stylesheet" type="text/css" href="{css name='base.css'}" title="Normal" />
     <link rel="stylesheet" type="text/css" href="{css name='base_print.css'}" media='print' title="Normal" />
diff --git a/public_html/templates/default/create.tpl b/public_html/templates/default/create.tpl
index 5c674bd8..e414a983 100644
--- a/public_html/templates/default/create.tpl
+++ b/public_html/templates/default/create.tpl
@@ -1,8 +1,8 @@
 {include file='ls:top.tpl'}
-    {if $pagetitle != ''}<h1 id='LSform_title'>{$pagetitle}</h1>{/if}
+    {if $pagetitle != ''}<h1 id='LSform_title'>{$pagetitle|escape:"htmlall"}</h1>{/if}
 
     {if !empty($listAvailableDataEntryForm)}
-      <p class='LSform_listAvailableDataEntryForm'><label>{$DataEntryFormLabel}
+      <p class='LSform_listAvailableDataEntryForm'><label>{$DataEntryFormLabel|escape:"htmlall"}
       <select id='LSform_listAvailableDataEntryForm'>
 	<option value=''>--</option>
         {html_options options=$listAvailableDataEntryForm selected=$LSform_dataEntryForm}
diff --git a/public_html/templates/default/import.tpl b/public_html/templates/default/import.tpl
index 63691448..2d1e74e9 100644
--- a/public_html/templates/default/import.tpl
+++ b/public_html/templates/default/import.tpl
@@ -1,8 +1,8 @@
 {include file='ls:top.tpl'}
-    {if $pagetitle != ''}<h1 id='LSview_title'>{$pagetitle}</h1>{/if}
+    {if $pagetitle != ''}<h1 id='LSview_title'>{$pagetitle|escape:"htmlall"}</h1>{/if}
 
 <div class='LSform'>
-<form action='import.php?LSobject={$LSobject}' method='post' enctype="multipart/form-data">
+<form action='import.php?LSobject={$LSobject|escape:"url"}' method='post' enctype="multipart/form-data">
 <input type='hidden' name='validate' value='LSimport'/>
 <dl class='LSform'>
   <dt class='LSform'><label for='importfile'>{tr msg='File'}</label></dt>
@@ -38,12 +38,12 @@
 <ul class='LSimport_data_errors'>
 {foreach $error.data as $key => $val}
   <li>
-    <strong>{$key} :</strong>
+    <strong>{$key|escape:"htmlall"} :</strong>
     {if empty($val)}{tr msg='No value'}{else}{LSimport_implodeValues values=$val}{/if}
     {if isset($error.errors.attrs[$key])}
     <ul class='LSimport_attr_errors'>
       {foreach $error.errors.attrs.$key as $e}
-      <li>{$e}</li>
+      <li>{$e|escape:"htmlall"}</li>
       {/foreach}
     </ul>
     {/if}
@@ -52,10 +52,10 @@
 {foreach $error.errors.attrs as $a => $es}
   {if !in_array($a,$error.data)}
   <li>
-    <strong>{$a} :</strong>
+    <strong>{$a|escape:"htmlall"} :</strong>
     <ul class='LSimport_attr_errors'>
       {foreach $es as $e}
-        <li>{$e}</li>
+        <li>{$e|escape:"htmlall"}</li>
       {/foreach}
     </ul>
   </li>
@@ -69,7 +69,7 @@
 <h2 class='LSimport_imported_objects'>{tr msg='Imported objects'} ({count($result.imported)})</h2>
 <ul class='LSimport_imported_objects'>
 {foreach $result.imported as $dn => $name}
-  <li><a href='view.php?LSobject={$LSobject}&dn={$dn}'>{$name}</a></li>
+  <li><a href='view.php?LSobject={$LSobject|escape:"url"}&dn={$dn|escape:"url"}'>{$name|escape:"htmlall"}</a></li>
 {foreachelse}
   <li>{tr msg='No imported object'}</li>
 {/foreach}
@@ -79,7 +79,7 @@
 <h2 class='LSimport_updated_objects'>{tr msg='Updated objects'} ({count($result.updated)})</h2>
 <ul class='LSimport_updated_objects'>
 {foreach $result.updated as $dn => $name}
-  <li><a href='view.php?LSobject={$LSobject}&dn={$dn}'>{$name}</a></li>
+  <li><a href='view.php?LSobject={$LSobject|escape:"url"}&dn={$dn|escape:"url"}'>{$name|escape:"htmlall"}</a></li>
 {/foreach}
 </ul>
 {/if}
diff --git a/public_html/templates/default/login.tpl b/public_html/templates/default/login.tpl
index 3a4c88a7..1e1c60e9 100644
--- a/public_html/templates/default/login.tpl
+++ b/public_html/templates/default/login.tpl
@@ -3,7 +3,7 @@
 <html>
   <head>
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
-    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle|escape:"htmlall"}{/if}</title>
     <link rel="icon" type="image/png" href="images/default/favicon.png" />
     <link rel="stylesheet" type="text/css" href="{css name='login.css'}" media="screen" title="Normal" />
     {$LSsession_css}
@@ -18,29 +18,29 @@
 <div id='loading_zone'></div>
 <form action='{$loginform_action}' method='post'>
 <dl class='loginform'>
-  <dt {$loginform_ldapserver_style}>{$loginform_label_ldapserver}</dt>
+  <dt {$loginform_ldapserver_style}>{$loginform_label_ldapserver|escape:"htmlall"}</dt>
   <dd {$loginform_ldapserver_style}>
     <select name='LSsession_ldapserver' id='LSsession_ldapserver'>{html_options values=$loginform_ldapservers_index output=$loginform_ldapservers_name selected=$ldapServerId}</select>
   </dd>
-  <dt class='loginform-level' id='LSsession_topDn_label' {$loginform_ldapserver_style}>{$loginform_label_level}</dt>
+  <dt class='loginform-level' id='LSsession_topDn_label' {$loginform_ldapserver_style}>{$loginform_label_level|escape:"htmlall"}</dt>
   <dd class='loginform-level' {$loginform_ldapserver_style}><select name='LSsession_topDn' id='LSsession_topDn'>{html_options values=$loginform_topdn_index output=$loginform_topdn_name selected=$topDn}</select></dd>
-  <dt>{$loginform_label_user}</dt>
+  <dt>{$loginform_label_user|escape:"htmlall"}</dt>
   <dd><input type='text' name='LSauth_user' /></dd>
-  <dt>{$loginform_label_pwd}</dt>
+  <dt>{$loginform_label_pwd|escape:"htmlall"}</dt>
   <dd><input type='password' name='LSauth_pwd' /></dd>
-  <dt class='LSlang_hidden'>{$lang_label}</dt>
+  <dt class='LSlang_hidden'>{$lang_label|escape:"htmlall"}</dt>
   <dd class='LSlang_hidden'>
   <select name='lang'>
   {foreach from=$LSlanguages item=lang}
-    <option value='{$lang}'>{$lang}</option>
+    <option value='{$lang}'>{$lang|escape:"htmlall"}</option>
   {/foreach}
   </select>
   </dd>
-  <dd><input type='submit' value='{$loginform_label_submit}' /></dd>
+  <dd><input type='submit' value='{$loginform_label_submit|escape:"quotes"}' /></dd>
 </dl>
 </form>
-<span>{$lang_label} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang}' title='{$LSlang}'/></span>
-<a href='index.php?LSsession_recoverPassword' class='LSsession_recoverPassword LSsession_recoverPassword_hidden'>{$loginform_label_recoverPassword}</a>
+<span>{$lang_label} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang|escape:"htmlall"}' title='{$LSlang|escape:"htmlall"}'/></span>
+<a href='index.php?LSsession_recoverPassword' class='LSsession_recoverPassword LSsession_recoverPassword_hidden'>{$loginform_label_recoverPassword|escape:"htmlall"}</a>
 </div>
 </body>
 </html>
diff --git a/public_html/templates/default/modify.tpl b/public_html/templates/default/modify.tpl
index e422ea42..0c0f3740 100644
--- a/public_html/templates/default/modify.tpl
+++ b/public_html/templates/default/modify.tpl
@@ -1,9 +1,9 @@
 {include file='ls:top.tpl'}
-    {if $pagetitle != ''}<h1 id='LSform_title'>{$pagetitle}</h1>{/if}
+    {if $pagetitle != ''}<h1 id='LSform_title'>{$pagetitle|escape:"htmlall"}</h1>{/if}
     {if $LSview_actions != ''}
     <ul class='LSview-actions'>
       {foreach from=$LSview_actions item=item}
-        <li class='LSview-actions'><a href='{$item.url}' class='LSview-actions'><img src='{img name=$item.action}' alt='{$item.label}' title='{$item.label}' /> {$item.label}</a></li>
+        <li class='LSview-actions'><a href='{$item.url|escape:"quotes"}' class='LSview-actions'><img src='{img name=$item.action}' alt='{$item.label|escape:"htmlall"}' title='{$item.label|escape:"htmlall"}' /> {$item.label|escape:"htmlall"}</a></li>
       {/foreach}
     </ul>
     {/if}
diff --git a/public_html/templates/default/question.tpl b/public_html/templates/default/question.tpl
index 7177b721..8519a6e7 100644
--- a/public_html/templates/default/question.tpl
+++ b/public_html/templates/default/question.tpl
@@ -1,13 +1,13 @@
 {include file='ls:top.tpl'}
-    {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+    {if $pagetitle != ''}<h1>{$pagetitle|escape:"htmlall"}</h1>{/if}
     {if $LSview_actions != ''}
     <p class='LSview-actions'>
       {foreach from=$LSview_actions item=item}
-        <a href='{$item.url}' class='LSview-actions'><img src='{img name=$item.action}' alt='{$item.label}' title='{$item.label}' /></a>
+        <a href='{$item.url|escape:"quotes"}' class='LSview-actions'><img src='{img name=$item.action}' alt='{$item.label|escape:"htmlall"}' title='{$item.label|escape:"htmlall"}' /></a>
       {/foreach}
     </p>
     {/if}
     
-    <p class='question'>{$question}</p>
-    <a href='{$validation_url}' class='question'>{$validation_label}</a>
+    <p class='question'>{$question|escape:"htmlall"}</p>
+    <a href='{$validation_url|escape:"quotes"}' class='question'>{$validation_label|escape:"htmlall"}</a>
 {include file='ls:bottom.tpl'}
diff --git a/public_html/templates/default/recoverpassword.tpl b/public_html/templates/default/recoverpassword.tpl
index 6a8eb286..e1bc9bdc 100644
--- a/public_html/templates/default/recoverpassword.tpl
+++ b/public_html/templates/default/recoverpassword.tpl
@@ -3,7 +3,7 @@
 <html>
   <head>
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
-    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle|escape:"htmlall"}{/if}</title>
     <link rel="stylesheet" type="text/css" href="{css name='recoverpassword.css'}" media="screen" title="Normal" />
     {$LSsession_css}
     {$LSsession_js}
@@ -15,21 +15,21 @@
 <div class='recoverpasswordform'>
 <img src='{img name='logo'}' alt='Logo' id='recoverpasswordform_logo' />
 <div id='loading_zone'></div>
-<form action='{$recoverpasswordform_action}' method='post'>
+<form action='{$recoverpasswordform_action|escape:"quotes"}' method='post'>
 <dl class='recoverpasswordform'>
-  <dt {$recoverpasswordform_ldapserver_style}>{$recoverpasswordform_label_ldapserver}</dt>
+  <dt {$recoverpasswordform_ldapserver_style}>{$recoverpasswordform_label_ldapserver|escape:"htmlall"}</dt>
   <dd {$recoverpasswordform_ldapserver_style}>
     <select name='LSsession_ldapserver' id='LSsession_ldapserver'>{html_options values=$recoverpasswordform_ldapservers_index output=$recoverpasswordform_ldapservers_name selected=$ldapServerId}</select>
   </dd>
-  <dt>{$recoverpasswordform_label_user}</dt>
+  <dt>{$recoverpasswordform_label_user|escape:"htmlall"}</dt>
   <dd><input type='text' name='LSsession_user' /></dd>
-  <dd><input type='submit' value='{$recoverpasswordform_label_submit}' /></dd>
+  <dd><input type='submit' value='{$recoverpasswordform_label_submit|escape:"quotes"}' /></dd>
 </dl>
 </form>
 
-<p id='recoverpassword_msg'>{$recoverpassword_msg}</p>
-<span>{$lang_label} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang}' title='{$LSlang}'/></span>
-<a href='index.php' id='recoverpassword_back'>{$recoverpasswordform_label_back}</a>
+<p id='recoverpassword_msg'>{$recoverpassword_msg|escape:"htmlall"}</p>
+<span>{$lang_label|escape:"htmlall"} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang|escape:"htmlall"}' title='{$LSlang|escape:"htmlall"}'/></span>
+<a href='index.php' id='recoverpassword_back'>{$recoverpasswordform_label_back|escape:"htmlall"}</a>
 </div>
 </body>
 </html>
diff --git a/public_html/templates/default/redirect.tpl b/public_html/templates/default/redirect.tpl
index f3801eda..8992afeb 100644
--- a/public_html/templates/default/redirect.tpl
+++ b/public_html/templates/default/redirect.tpl
@@ -3,7 +3,7 @@
 <html>
   <head>
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
-    <META http-equiv="refresh" content="0; URL={$url}">
+    <META http-equiv="refresh" content='0; URL={$url|escape:"quotes"}'>
     <title>LdapSaisie - Redirection</title>
   </head>
 <body>
diff --git a/public_html/templates/default/select.tpl b/public_html/templates/default/select.tpl
index 71ff7e9c..72551798 100644
--- a/public_html/templates/default/select.tpl
+++ b/public_html/templates/default/select.tpl
@@ -1,27 +1,27 @@
 <div class='LSobject-select' id='LSobject-select-main-div'>
   <h1 id='LSselect_title'>
-    {$pagetitle}
+    {$pagetitle|escape:"htmlall"}
   </h1>
 
-  <form action='{$searchForm.action}' method='post' class='LSview_search LSselect_search btn' id='LSselect_search_form'>
+  <form action='{$searchForm.action|escape:"quotes"}' method='post' class='LSview_search LSselect_search btn' id='LSselect_search_form'>
     {foreach from=$searchForm.hiddenFields item=field_value key=field_name}
-      <input type='hidden' name='{$field_name}' value='{$field_value}' />
+      <input type='hidden' name='{$field_name|escape:"quotes"}' value='{$field_value|escape:"quotes"}' />
     {/foreach}
     
     {if $LSsession_subDn!=""}
-      <label id='LSselect_topDn_label'>{$searchForm.labels.level}
+      <label id='LSselect_topDn_label'>{$searchForm.labels.level|escape:"htmlall"}
         <select name='subDn' id='LSselect_topDn'>
           {html_options values=$LSsession_subDn_indexes output=$LSsession_subDn_names selected=$searchForm.values.basedn}
         </select>
       </label>
     {/if}
     <div class='LSselect_search'>
-      <input type='text' name='pattern' class='LSview_search' value="{$searchForm.values.pattern}"/>
-      <input type='submit' value='{$searchForm.labels.submit}' name='{$searchForm.names.submit}' class='LSview_search' />
-      <img src='{img name='refresh'}' alt='{$searchForm.labels.refresh}' title='{$searchForm.labels.refresh}' id='LSselect_refresh_btn' />
+      <input type='text' name='pattern' class='LSview_search' value='{$searchForm.values.pattern|escape:"quotes"}'/>
+      <input type='submit' value='{$searchForm.labels.submit|escape:"quotes"}' name='{$searchForm.names.submit|escape:"quotes"}' class='LSview_search' />
+      <img src='{img name='refresh'}' alt='{$searchForm.labels.refresh|escape:"htmlall"}' title='{$searchForm.labels.refresh|escape:"htmlall"}' id='LSselect_refresh_btn' />
       <p id='LSview_search_param'>
-        <label class='LSview_search'>{$searchForm.labels.approx} : <input type='checkbox' name='approx' class='LSview_search' {if $searchForm.values.approx!=''}checked="true"{/if} /></label>
-        {if $searchForm.recursive}<label class='LSview_search'>{$searchForm.labels.recursive} : <input type='checkbox' name='recursive' class='LSview_search' {if $searchForm.values.recursive!=''}checked="true"{/if}/></label>{/if}
+        <label class='LSview_search'>{$searchForm.labels.approx|escape:"htmlall"} : <input type='checkbox' name='approx' class='LSview_search' {if $searchForm.values.approx!=''}checked="true"{/if} /></label>
+        {if $searchForm.recursive}<label class='LSview_search'>{$searchForm.labels.recursive|escape:"htmlall"} : <input type='checkbox' name='recursive' class='LSview_search' {if $searchForm.values.recursive!=''}checked="true"{/if}/></label>{/if}
       </p>
     </div>
   </form>
diff --git a/public_html/templates/default/select_table.tpl b/public_html/templates/default/select_table.tpl
index ff6daa56..b3b1addc 100644
--- a/public_html/templates/default/select_table.tpl
+++ b/public_html/templates/default/select_table.tpl
@@ -1,40 +1,40 @@
-<table class='LSobject-list' id='LSselect-object' caption='{$LSsearch->LSobject}'>
+<table class='LSobject-list' id='LSselect-object' caption='{$LSsearch->LSobject|escape:"quotes"}'>
   <tr class='LSobject-list'>
     <th class='LSobject-list LSobject-select-check'></th>
     <th class='LSobject-list{if $LSsearch->sort} sortBy_displayName{/if}'>
       {if $LSsearch->sortBy == 'displayName'}
-        <strong>{$LSsearch->label_objectName}</strong>
+        <strong>{$LSsearch->label_objectName|escape:"htmlall"}</strong>
         <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection}'/>
       {else}
-        {$LSsearch->label_objectName}
+        {$LSsearch->label_objectName|escape:"htmlall"}
       {/if}
     </th>
     {if $LSsearch->displaySubDn}
       <th class='LSobject-list LSobject-list-subdn{if $LSsearch->sort} sortBy_subDn{/if}'>
         {if $LSsearch->sort}
           {if $LSsearch->sortBy == 'subDn'}
-            <strong>{$LSsearch->label_level}</strong>
-            <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection}'/>
+            <strong>{$LSsearch->label_level|escape:"htmlall"}</strong>
+            <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection|escape:"quotes"}'/>
           {else}
-            {$LSsearch->label_level}
+            {$LSsearch->label_level|escape:"htmlall"}
           {/if}
         {else}
-          {$LSsearch->label_level}
+          {$LSsearch->label_level|escape:"htmlall"}
         {/if}
       </th>
     {/if}
   </tr>
 {foreach from=$page.list item=object}
     <tr class='{cycle values="LSobject-list,LSobject-list LSobject-list-bis"}'>
-        <td class='LSobject-list LSobject-select-check'><input type='{if $searchForm.multiple}checkbox{else}radio{/if}' name='LSobjects_selected[]' value='{$object->dn}' {if $object->LSselect}checked="true"{/if}{if $searchForm.selectablly}{if !$object->selectablly} disabled="disabled"{/if}{/if} class='LSobject-select' /></td>
-        <td class='LSobject-list LSobject-select-names'>{$object->displayName}</td>
+        <td class='LSobject-list LSobject-select-check'><input type='{if $searchForm.multiple}checkbox{else}radio{/if}' name='LSobjects_selected[]' value='{$object->dn|escape:"quotes"}' {if $object->LSselect}checked="true"{/if}{if $searchForm.selectablly}{if !$object->selectablly} disabled="disabled"{/if}{/if} class='LSobject-select' /></td>
+        <td class='LSobject-list LSobject-select-names'>{$object->displayName|escape:"htmlall"}</td>
         {if $LSsearch->displaySubDn}
-          <td class='LSobject-list LSobject-select-level'>{$object->subDn}</td>
+          <td class='LSobject-list LSobject-select-level'>{$object->subDn|escape:"htmlall"}</td>
         {/if}
     </tr>
 {foreachelse}
     <tr class='LSobject-list'>
-      <td colspan='3' class='LSobject-list-without-result'>{$LSsearch->label_no_result}</td>
+      <td colspan='3' class='LSobject-list-without-result'>{$LSsearch->label_no_result|escape:"htmlall"}</td>
     </tr> 
 {/foreach}
 </table>
@@ -52,21 +52,21 @@
     {else}
       {assign var=start value=0}
     {/if}
-    <a href='select.php?LSobject={$LSsearch->LSobject}&amp;page=0&amp;multiple={$searchForm.multiple}' class='LSobject-list-page'><</a> 
+    <a href='select.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page=0&amp;multiple={$searchForm.multiple}' class='LSobject-list-page'>&lt;</a>
     {foreach from=0|range:10 item=i}
       {if $page.nb==$start+$i}
         <strong class='LSobject-list-page'>{$page.nb+1}</strong> 
       {else}
-        <a href='select.php?LSobject={$LSsearch->LSobject}&amp;page={$i+$start}&amp;multiple={$searchForm.multiple}'  class='LSobject-list-page'>{$i+$start+1}</a> 
+        <a href='select.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$i+$start}&amp;multiple={$searchForm.multiple}'  class='LSobject-list-page'>{$i+$start+1}</a> 
       {/if}
     {/foreach}
-    <a href='select.php?LSobject={$LSsearch->LSobject}&amp;page={$page.nbPages-1}&amp;multiple={$searchForm.multiple}' class='LSobject-list-page'>></a> 
+    <a href='select.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$page.nbPages-1}&amp;multiple={$searchForm.multiple}' class='LSobject-list-page'>&gt;</a>
   {else}
     {section name=listpage loop=$page.nbPages step=1}
       {if $page.nb == $smarty.section.listpage.index}
         <strong class='LSobject-list-page'>{$page.nb+1}</strong> 
       {else}
-        <a href='select.php?LSobject={$LSsearch->LSobject}&amp;page={$smarty.section.listpage.index}&amp;multiple={$searchForm.multiple}'  class='LSobject-list-page'>{$smarty.section.listpage.index+1}</a> 
+        <a href='select.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$smarty.section.listpage.index}&amp;multiple={$searchForm.multiple}'  class='LSobject-list-page'>{$smarty.section.listpage.index+1}</a>
       {/if}
     {/section}
   {/if}
diff --git a/public_html/templates/default/top.tpl b/public_html/templates/default/top.tpl
index 08392ef6..d514989d 100644
--- a/public_html/templates/default/top.tpl
+++ b/public_html/templates/default/top.tpl
@@ -3,7 +3,7 @@
 <html>
   <head>
     <meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
-    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle|escape:"htmlall"}{/if}</title>
     <link rel="icon" type="image/png" href="images/default/favicon.png" />
     <link rel="stylesheet" type="text/css" href="{css name='base.css'}" title="Normal" />
     <link rel="stylesheet" type="text/css" href="{css name='base_print.css'}" media='print' title="Normal" />
@@ -20,8 +20,8 @@
       
       {if $LSsession_subDn!=""}
         <form action="index.php" method='post' id='LSsession_topDn_form'>
-          <label>{$label_level}
-            <a href="index.php?LSsession_refresh"><img src='{img name='refresh'}' alt='{$_refresh}' title='{$_refresh}' /></a>
+          <label>{$label_level|escape:"htmlall"}
+            <a href="index.php?LSsession_refresh"><img src='{img name='refresh'}' alt='{$_refresh|escape:"htmlall"}' title='{$_refresh|escape:"htmlall"}' /></a>
             <select name='LSsession_topDn' id='LSsession_topDn'>
               {html_options values=$LSsession_subDn_indexes output=$LSsession_subDn_names selected=$LSsession_subDn}
             </select>
@@ -30,26 +30,26 @@
       {/if}
       <ul class='menu'>
       {foreach from=$LSaccess item=label key=LSobject_type}
-        <li class='menu'><a href='view.php?LSobject={$LSobject_type}' class='menu'>{tr msg=$label}</a></li>
+        <li class='menu'><a href='view.php?LSobject={$LSobject_type|escape:"url"}' class='menu'>{tr msg=$label}</a></li>
       {/foreach}
       {foreach from=$LSaddonsViewsAccess item=access}
         {if $access.showInMenu}
-        <li class='menu'><a href='addon_view.php?LSaddon={$access.LSaddon}&view={$access.id}' class='menu'>{tr msg=$access.label}</a></li>
+        <li class='menu'><a href='addon_view.php?LSaddon={$access.LSaddon|escape:"url"}&view={$access.id|escape:"url"}' class='menu'>{tr msg=$access.label}</a></li>
         {/if}
       {/foreach}
       </ul>
     </td>
     <td id='status'>
-    <span>{$lang_label} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang}' title='{$LSlang}'/></span>
+    <span>{$lang_label|escape:"htmlall"} : <img id='LSlang' src='{img name=$LSlang}' alt='{$LSlang|escape:"htmlall"}' title='{$LSlang|escape:"htmlall"}'/></span>
     <form action='' methode='post' style='display: none' class='LSlang_hidden'>
       <select name='lang'>
       {foreach from=$LSlanguages item=lang}
-        <option value='{$lang}'>{$lang}</option>
+        <option value='{$lang|escape:"quotes"}'>{$lang|escape:"htmlall"}</option>
       {/foreach}
       </select>
       <input type='submit' value='->'/>
     </form>
-    {if $displaySelfAccess}{$connected_as} <span id='user_name'>{$LSsession_username}</span>{/if}
+    {if $displaySelfAccess}{$connected_as|escape:"htmlall"} <span id='user_name'>{$LSsession_username|escape:"htmlall"}</span>{/if}
     <a href='index.php?LSsession_refresh=1'><img src='{img name='refresh'}' alt="{tr msg="Refresh my access rights"}" title="{tr msg="Refresh my access rights"}" /></a>
     {if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{img name='logout'}' alt='Logout' title='Logout' /></a>{/if}
     </td>
diff --git a/public_html/templates/default/view.tpl b/public_html/templates/default/view.tpl
index f75952e7..66dde4b4 100644
--- a/public_html/templates/default/view.tpl
+++ b/public_html/templates/default/view.tpl
@@ -1,10 +1,10 @@
 {include file='ls:top.tpl'}
-    {if $pagetitle != ''}<h1 id='LSview_title'>{$pagetitle}</h1>{/if}
+    {if $pagetitle != ''}<h1 id='LSview_title'>{$pagetitle|escape:"htmlall"}</h1>{/if}
     {if $LSview_actions != ''}
     <ul class='LSview-actions'>
       {foreach from=$LSview_actions item=item}
         {if is_array($item)}
-        <li class='LSview-actions'><a href="{$item.url}" class="LSview-actions{if $item.class} {$item.class|escape:"quotes"}{/if}{if $item.helpInfo || ($item.hideLabel && $item.label)} LStips{/if}" {if $item.helpInfo || ($item.hideLabel && $item.label)}title="{if $item.helpInfo}{$item.helpInfo|escape:"quotes"}{else}{$item.label|escape:"quotes"}{/if}"{/if}><img src="{img name=$item.action}" alt="{$item.label|escape:"quotes"}" title="{$item.label|escape:"quotes"}" />{if !isset($item.hideLabel) || !$item.hideLabel} {$item.label}{/if}</a></li>
+        <li class='LSview-actions'><a href='{$item.url|escape:"quotes"}' class='LSview-actions{if $item.class} {$item.class|escape:"quotes"}{/if}{if $item.helpInfo || ($item.hideLabel && $item.label)} LStips{/if}' {if $item.helpInfo || ($item.hideLabel && $item.label)}title='{if $item.helpInfo}{$item.helpInfo|escape:"htmlall"}{else}{$item.label|escape:"htmlall"}{/if}'{/if}><img src="{img name=$item.action}" alt='{$item.label|escape:"htmlall"}' title='{$item.label|escape:"htmlall"}' />{if !isset($item.hideLabel) || !$item.hideLabel} {$item.label}{/if}</a></li>
         {/if}
       {/foreach}
     </ul>
diff --git a/public_html/templates/default/viewSearch.tpl b/public_html/templates/default/viewSearch.tpl
index 6bd16d25..6403c5ec 100644
--- a/public_html/templates/default/viewSearch.tpl
+++ b/public_html/templates/default/viewSearch.tpl
@@ -1,28 +1,28 @@
 {include file='ls:top.tpl'}
-<form action='{$searchForm.action}' method='post' class='LSview_search' id='LSsearch_form'>
+<form action='{$searchForm.action|escape:"quotes"}' method='post' class='LSview_search' id='LSsearch_form'>
 
 <div class='LSview_search'>
   {foreach from=$searchForm.hiddenFields item=value key=name}
-    <input type='hidden' name='{$name}' value='{$value}' />
+    <input type='hidden' name='{$name|escape:"quotes"}' value='{$value|escape:"quotes"}' />
   {/foreach}
   
-  <input type='text' name='pattern' class='LSview_search' value="{$searchForm.values.pattern}"/>
-  <input type='submit' value='{$searchForm.labels.submit}' name='{$searchForm.names.submit}' class='LSview_search' />
+  <input type='text' name='pattern' class='LSview_search' value='{$searchForm.values.pattern|escape:"quotes"}'/>
+  <input type='submit' value='{$searchForm.labels.submit|escape:"quotes"}' name='{$searchForm.names.submit|escape:"quotes"}' class='LSview_search' />
   <p id='LSview_search_param'>
-    <label class='LSview_search'>{$searchForm.labels.approx} : <input type='checkbox' name='approx' class='LSview_search' {if $searchForm.values.approx!=''}checked="true"{/if} /></label>
-    {if $searchForm.recursive}<label class='LSview_search'>{$searchForm.labels.recursive} : <input type='checkbox' name='recursive' class='LSview_search' {if $searchForm.values.recursive!=''}checked="true"{/if}/></label>{/if}
+    <label class='LSview_search'>{$searchForm.labels.approx|escape:"htmlall"} : <input type='checkbox' name='approx' class='LSview_search' {if $searchForm.values.approx!=''}checked="true"{/if} /></label>
+    {if $searchForm.recursive}<label class='LSview_search'>{$searchForm.labels.recursive|escape:"htmlall"} : <input type='checkbox' name='recursive' class='LSview_search' {if $searchForm.values.recursive!=''}checked="true"{/if}/></label>{/if}
   </p>
 </div>
 
 <h1>
-  {$pagetitle}
+  {$pagetitle|escape:"htmlall"}
 </h1>
 
 {if $LSview_actions != ''}
 <ul class='LSview-actions'>
   {foreach from=$LSview_actions item=item}
     {if is_array($item)}
-      <li class='LSview-actions'><a href='{$item.url}' class='LSview-actions'><img src='{img name=$item.action}' alt='{tr msg=$label}' title='{tr msg=$label}' /> {tr msg=$item.label}</a></li>
+      <li class='LSview-actions'><a href='{$item.url|escape:"quotes"}' class='LSview-actions'><img src='{img name=$item.action}' alt='{tr msg=$label}' title='{tr msg=$label}' /> {tr msg=$item.label}</a></li>
     {/if}
   {/foreach}
 </ul>
@@ -42,41 +42,41 @@
     <tr class='LSobject-list'>
       <th class='LSobject-list'>
         {if $LSsearch->sort}
-        <a href='view.php?LSobject={$LSsearch->LSobject}&amp;sortBy=displayName&amp;nocache={$smarty.now}'>
+        <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;sortBy=displayName&amp;nocache={$smarty.now}'>
           {if $LSsearch->sortBy == 'displayName'}
-            <strong>{$LSsearch->label_objectName}</strong>
+            <strong>{$LSsearch->label_objectName|escape:"htmlall"}</strong>
             <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection}'/>
           {else}
-            {$LSsearch->label_objectName}
+            {$LSsearch->label_objectName|escape:"htmlall"}
           {/if}
         </a>
         {else}
-          {$LSsearch->label_objectName}
+          {$LSsearch->label_objectName|escape:"htmlall"}
         {/if}
       </th>
       {if $LSsearch->displaySubDn}
         <th class='LSobject-list LSobject-list-subdn'>
         {if $LSsearch->sort}
-          <a href='view.php?LSobject={$LSsearch->LSobject}&amp;sortBy=subDn&amp;nocache={$smarty.now}'>
+          <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;sortBy=subDn&amp;nocache={$smarty.now}'>
           {if $LSsearch->sortBy == 'subDn'}
-            <strong>{$LSsearch->label_level}</strong>
+            <strong>{$LSsearch->label_level|escape:"htmlall"}</strong>
             <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection}'/>
           {else}
-            {$LSsearch->label_level}
+            {$LSsearch->label_level|escape:"htmlall"}
           {/if}
           </a>
         {else}
-          {$LSsearch->label_level}
+          {$LSsearch->label_level|escape:"htmlall"}
         {/if}
         </th>
       {/if}
       {if $LSsearch->extraDisplayedColumns}
         {foreach from=$LSsearch->visibleExtraDisplayedColumns item=conf key=cid}
-        <th class='LSobject-list'{if $conf.cssStyle} style="{$conf.cssStyle}"{/if}>
+        <th class='LSobject-list'{if $conf.cssStyle} style='{$conf.cssStyle|escape:"quotes"}'{/if}>
         {if $LSsearch->sort}
-          <a href='view.php?LSobject={$LSsearch->LSobject}&amp;sortBy={$cid}&amp;nocache={$smarty.now}'>
+          <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;sortBy={$cid|escape:"url"}&amp;nocache={$smarty.now}'>
           {if $LSsearch->sortBy == $cid}
-            <strong>{tr msg=$conf.label}</strong>
+            <strong>{tr msg=$conf.label|escape:"htmlall"}</strong>
             <img src='{img name=$LSsearch->sortDirection}' class='LSobject-list-ordersense' alt='{$LSsearch->sortDirection}'/>
           {else}
             {tr msg=$conf.label}
@@ -88,32 +88,32 @@
         </th>
         {/foreach}
       {/if}
-      <th class='LSobject-list'>{$LSsearch->label_actions}</th>
+      <th class='LSobject-list'>{$LSsearch->label_actions|escape:"htmlall"}</th>
     </tr>
     {foreach from=$page.list item=object}
     <tr class='{cycle values="LSobject-list,LSobject-list LSobject-list-bis"}'>
-        <td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSsearch->LSobject}&amp;dn={$object->dn|escape:'url'}'  class='LSobject-list'>{$object->displayName}</a> </td>
-        {if $LSsearch->displaySubDn}<td class='LSobject-list'>{$object->subDn}</td>{/if}
+        <td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;dn={$object->dn|escape:'url'}'  class='LSobject-list'>{$object->displayName|escape:"htmlall"}</a> </td>
+        {if $LSsearch->displaySubDn}<td class='LSobject-list'>{$object->subDn|escape:"htmlall"}</td>{/if}
         {if $LSsearch->extraDisplayedColumns}
           {foreach from=$LSsearch->visibleExtraDisplayedColumns item=conf key=cid}
-          <td class='LSobject-list'{if $conf.cssStyle} style="{$conf.cssStyle}"{/if}>{$object->$cid}</td>
+          <td class='LSobject-list'{if $conf.cssStyle} style='{$conf.cssStyle|escape:"quotes"}'{/if}>{$object->$cid|escape:"htmlall"}</td>
           {/foreach}
         {/if}
         <td class='LSobject-list LSobject-list-actions'>
         {foreach from=$object->actions item=item}
-          <a href='{$item.url}'  class='LSobject-list-actions'><img src='{img name=$item.action}' alt='{$item.label}' title='{$item.label}'/></a>
+          <a href='{$item.url|escape:"quotes"}'  class='LSobject-list-actions'><img src='{img name=$item.action}' alt='{$item.label|escape:"quotes"}' title='{$item.label|escape:"quotes"}'/></a>
         {/foreach}
         </td>
     </tr>
     {foreachelse}
       <tr class='LSobject-list'>
         <td colspan='{if $LSsearch->extraDisplayedColumns}{count($LSsearch->visibleExtraDisplayedColumns)+3}{else}3{/if}' class='LSobject-list-without-result'>
-          {$LSsearch->label_no_result}
+          {$LSsearch->label_no_result|escape:"htmlall"}
         </td>
       </tr>   
     {/foreach}
 </table>
-<span id='LSobject_list_nbresult'>{$LSsearch->label_total}</span>
+<span id='LSobject_list_nbresult'>{$LSsearch->label_total|escape:"htmlall"}</span>
 {if $page.nbPages > 1}
   <p class='LSobject-list-page'>
     
@@ -127,21 +127,21 @@
     {else}
       {assign var=start value=0}
     {/if}
-    <a href='view.php?LSobject={$LSsearch->LSobject}&amp;page=0' class='LSobject-list-page'><</a> 
+    <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page=0' class='LSobject-list-page'>&lt;</a>
     {foreach from=0|range:10 item=i}
       {if $page.nb==$start+$i}
         <strong class='LSobject-list-page'>{$page.nb+1}</strong> 
       {else}
-        <a href='view.php?LSobject={$LSsearch->LSobject}&amp;page={$i+$start}'  class='LSobject-list-page'>{$i+$start+1}</a> 
+        <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$i+$start}'  class='LSobject-list-page'>{$i+$start+1}</a>
       {/if}
     {/foreach}
-    <a href='view.php?LSobject={$LSsearch->LSobject}&amp;page={$page.nbPages-1}' class='LSobject-list-page'>></a> 
+    <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$page.nbPages-1}' class='LSobject-list-page'>&gt;</a>
   {else}
     {section name=listpage loop=$page.nbPages step=1}
       {if $page.nb == $smarty.section.listpage.index}
         <strong class='LSobject-list-page'>{$page.nb+1}</strong> 
       {else}
-        <a href='view.php?LSobject={$LSsearch->LSobject}&amp;page={$smarty.section.listpage.index}'  class='LSobject-list-page'>{$smarty.section.listpage.index+1}</a> 
+        <a href='view.php?LSobject={$LSsearch->LSobject|escape:"url"}&amp;page={$smarty.section.listpage.index}'  class='LSobject-list-page'>{$smarty.section.listpage.index+1}</a>
       {/if}
     {/section}
   {/if}