-<h1>{{$header}}{{if $total}} ({{$total}}){{/if}}</h1>
+<h2>{{$header}}{{if $total}} ({{$total}}){{/if}}</h2>
{{if $finding}}<h4>{{$finding}}</h4>{{/if}}
<div id="contacts-search-wrapper">
<form id="contacts-search-form" action="{{$cmd}}" method="get" >
<span class="contacts-search-desc">{{$desc}}</span>
-<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
-<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit}}" />
+<input type="text" name="search" id="contacts-search" class="search-input" onfocus="this.select();" value="{{$search|escape:'html'}}" />
+<input type="submit" name="submit" id="contacts-search-submit" value="{{$submit|escape:'html'}}" />
</form>
</div>
<div id="contacts-search-end"></div>
{{include file="contact_template.tpl"}}
{{/foreach}}
<div id="contact-edit-end"></div>
-<div class="submit">
+<div id="contacts-actions">
{{foreach $batch_actions as $n=>$l}}
- <input class="batch-action" name="{{$n}}" value="{{$l}}" type="submit">
+ <input class="batch-action" name="{{$n}}" value="{{$l|escape:'html'}}" type="submit">
{{/foreach}}
</div>
</form>