| Key: |
LUTECE-78
|
| Type: |
Bug
|
| Status: |
Open
|
| Priority: |
Critical
|
| Assignee: |
ELY
|
| Reporter: |
ELY
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
Try to save an user value (for example, in workgroup creation form) with html entities ("<", ">", ...) into a text input. You'll see that these characters are not escaped during display.
|
|
Description
|
Try to save an user value (for example, in workgroup creation form) with html entities ("<", ">", ...) into a text input. You'll see that these characters are not escaped during display. |
Show » |
Sort Order:
|
lutece-core - HTML entities not escaped
To resolve HTML entities problems, add <#escape> freemarker tag into templates.
An example is available on plugin-document :
When you surround a part of the template with an escape directive, interpolations (${...}) that occur inside the block are combined with the escaping expression automatically.
<#escape x as x?html>
...
</#escape>
Sometimes there is a need to temporarily turn off escaping for one or two interpolations in an escape block. You can achieve this by closing and later reopening the escape block, but then you have to write the escaping expression twice. You can instead use the noescape directive:
<#noescape>
...
</#noescape>