Explicitly declare noescape

modules/document/tpl/preview_page.html

@@ -1,5 +1,5 @@
 <load target="./js/document_admin.js" />
-{$content}
+{$content|noescape}
 <div class="btnArea">
 	<button class="btn" type="button" onclick="window.close();return false;">{$lang->cmd_close}</button>
 </div>

modules/document/tpl/print_page.html

@@ -7,7 +7,7 @@
 {$val->name}: {$val->getValueHtml()}
 <!--@end-->
 <!--@end-->    
-{$oDocument->getContent(false, false)} 
+{$oDocument->getContent(false, false)|noescape} 
 <script>
 jQuery(window).load(function() { window.print(); } );
 </script>

modules/layout/faceoff/layout.html

@@ -18,7 +18,7 @@
 
         <div id="body">
             <div id="content">
-            {$content}
+            {$content|noescape}
             </div>
             <hr />
             <div class="extension e1">

modules/layout/tpl/faceoff_layout_edit.html

@@ -1 +1 @@
-{$content}
+{$content|noescape}

modules/member/m.skins/default/modify_info.html

@@ -35,7 +35,7 @@
 				<label for="{$formTag->name}">{$formTag->title}</label>
 				<div cond="$formTag->name != 'signature'">{$formTag->inputTag}</div>
 				<div cond="$formTag->name =='signature'">
-					{$editor}
+					{$editor|noescape}
 				</div>
 			</li>
 			<li><label for="mailing" class="db fb al">{$lang->allow_mailing}</label><input id="mailing" type="checkbox" name="allow_mailing" value="Y" class="checkbox" <!--@if($member_info->allow_mailing!='N')-->checked="checked"<!--@end--> /> <p style="color:#666">{$lang->about_allow_mailing}</p></li>

modules/member/m.skins/rx_prn/modify_info.html

@@ -31,7 +31,7 @@
 				<block loop="$formTags=>$formTag" cond="$formTag->name !== 'profile_image'">
 					<label for="{$formTag->name}" class="control-label">{trim(str_replace('*','',strip_tags($formTag->title)))}<!--@if(strpos($formTag->title,'<em style="color:red">*</em>') !== false)--><sup style="color:red">*</sup><!--@endif--></label>
 					<block cond="$formTag->name != 'signature'">{$formTag->inputTag}</block>
-					<block cond="$formTag->name =='signature'">{$editor}</block>
+					<block cond="$formTag->name =='signature'">{$editor|noescape}</block>
 				</block>
 				<label class="control-label">{$lang->allow_mailing}</label>
 				<div class="controls">

modules/member/m.skins/rx_prn/signup_form.html

@@ -59,7 +59,7 @@
 					</block>
 					<block cond="$formTag->name == 'signature'">
 						 <input type="hidden" name="signature" value="" />
-						{$editor}
+						{$editor|noescape}
 					</block>
 				</block>
 				<div class="control-label">{$lang->allow_mailing}</div>

modules/member/skins/default/modify_info.html

@@ -30,7 +30,7 @@
 		<label for="{$formTag->name}" class="control-label">{$formTag->title}</label>
 		<div class="controls" cond="$formTag->name != 'signature'">{$formTag->inputTag}</div>
 		<div class="controls" cond="$formTag->name =='signature'">
-			{$editor}
+			{$editor|noescape}
 <style scoped>
 .xpress-editor>#smart_content,
 .xpress-editor>#smart_content>.tool{clear:none}

modules/member/skins/default/signup_form.html

@@ -59,7 +59,7 @@
 			</div>
 			<div class="controls" cond="$formTag->name == 'signature'">
 				<input type="hidden" name="signature" value="" />
-				{$editor}
+				{$editor|noescape}
 				<style scoped>
 				.xpress-editor>#smart_content,
 				.xpress-editor>#smart_content>.tool{clear:none}

modules/member/skins/simple_world/modify_info.html

@@ -25,7 +25,7 @@
 			<block loop="$formTags=>$formTag">
 				<label for="{$formTag->name}" class="control-label">{trim(str_replace('*','',strip_tags($formTag->title)))}<!--@if(strpos($formTag->title,'<em style="color:red">*</em>') !== false)--><sup style="color:red">*</sup><!--@endif--></label>
 				<block cond="$formTag->name != 'signature'">{$formTag->inputTag}</block>
-				<block cond="$formTag->name =='signature'">{$editor}</block>
+				<block cond="$formTag->name =='signature'">{$editor|noescape}</block>
 			</block>
 			<label class="control-label">{$lang->allow_mailing}</label>
 			<div class="controls">

modules/member/skins/simple_world/signup_form.html

@@ -53,7 +53,7 @@
 				</block>
 				<block cond="$formTag->name == 'signature'">
 					 <input type="hidden" name="signature" value="" />
-					{$editor}
+					{$editor|noescape}
 				</block>
 			</block>
 			<div class="control-label">{$lang->allow_mailing}</div>

modules/member/tpl/insert_member.html

@@ -48,7 +48,7 @@
 	<div loop="$formTags=>$formTag" class="x_control-group">
 		<label class="x_control-label" for="{$formTag->name}">{$formTag->title}</label>
 		<div class="x_controls" cond="$formTag->name != 'signature'">{$formTag->inputTag}</div>
-		<div class="x_controls" cond="$formTag->name =='signature'">{$editor}</div>
+		<div class="x_controls" cond="$formTag->name =='signature'">{$editor|noescape}</div>
 	</div>
 <style scoped>
 .xpress-editor>#smart_content,