diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php
index b2074224412..852589dbd1a 100644
--- a/htdocs/compta/facture/list.php
+++ b/htdocs/compta/facture/list.php
@@ -1846,8 +1846,8 @@ if ($resql) {
}
// Alias
if (!empty($arrayfields['s.name_alias']['checked'])) {
- print '| ';
- print $obj->name_alias;
+ print ' | ';
+ print dol_escape_htmltag($obj->name_alias);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -1855,8 +1855,8 @@ if ($resql) {
}
// Town
if (!empty($arrayfields['s.town']['checked'])) {
- print '';
- print $obj->town;
+ print ' | ';
+ print dol_escape_htmltag($obj->town);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -1865,7 +1865,7 @@ if ($resql) {
// Zip
if (!empty($arrayfields['s.zip']['checked'])) {
print '';
- print $obj->zip;
+ print dol_escape_htmltag($obj->zip);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -1873,7 +1873,7 @@ if ($resql) {
}
// State
if (!empty($arrayfields['state.nom']['checked'])) {
- print "".$obj->state_name." | \n";
+ print "".dol_escape_htmltag($obj->state_name)." | \n";
if (!$i) {
$totalarray['nbfield']++;
}
@@ -1936,7 +1936,7 @@ if ($resql) {
// Module Source
if (!empty($arrayfields['f.module_source']['checked'])) {
print '';
- print $obj->module_source;
+ print dol_escape_htmltag($obj->module_source);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;
@@ -1946,7 +1946,7 @@ if ($resql) {
// POS Terminal
if (!empty($arrayfields['f.pos_source']['checked'])) {
print '';
- print $obj->pos_source;
+ print dol_escape_htmltag($obj->pos_source);
print ' | ';
if (!$i) {
$totalarray['nbfield']++;