use nicer smarty-output instead of direct echo output, which also fixes a potential xss vulnerability
