Release Notes / Version 11.2304

Freemarker Macro <@cm.message /> Escapes Output by Default

The output of the Freemarker function ${cm.getMessage()} is escaped by Freemarker, but the same functionality provided as the Freemarker macro <@cm.message /> was not. For security reasons we changed this, so both are now escaped by default. This matters if you insert unchecked user input values into the message strings, for example in search result headers.

Upgrade Steps:

You only need to act if your properties files contain translation messages that include HTML and you render those messages with the macro. In that case, add the parameter escaping=false to the macro call. In all other cases, no action is required.

Example:

Before: <@cm.message key="message_with_html"/>

After: <@cm.message key="message_with_html" escaping=false/>

(CMS-21409)
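
One way to find the macro calls affected by this upgrade step, as an added example that is not part of the release notes or the product: it lists <@cm.message /> calls whose message contains HTML and that set no escaping parameter. The sample bundle, the template names and the helper function names are constructed, and the parser assumes simple key=value properties lines.

```python
import re

# Constructed sample inputs (hypothetical bundle and template names).
SAMPLE_PROPERTIES = """\
# constructed sample bundle
search_results_header=Results for {0}
message_with_html=Read our <a href="/terms">terms</a>
plain_footer=All rights reserved
"""

SAMPLE_TEMPLATES = {
    "search.ftl": '<h1><@cm.message key="search_results_header"/></h1>',
    "footer.ftl": '<p><@cm.message key="message_with_html"/></p>\n'
                  '<p><@cm.message key="plain_footer"/></p>',
    "legal.ftl": '<@cm.message key="message_with_html" escaping=false/>',
}

HTML_TAG = re.compile(r"</?[A-Za-z][^>]*>")
HTML_ENTITY = re.compile(r"&(?:[A-Za-z]+|#\d+);")
MACRO_CALL = re.compile(r"<@cm\.message\b(?P<attrs>[^>]*?)/?>")
KEY_ATTR = re.compile(r"""\bkey\s*=\s*["']([^"']+)["']""")
ESCAPING_ATTR = re.compile(r"\bescaping\s*=")


def html_message_keys(properties_text):
    """Return keys whose message value contains HTML tags or entities."""
    keys = set()
    for line in properties_text.splitlines():
        line = line.strip()
        # Assumption: one key=value per line, no continuation lines.
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if HTML_TAG.search(value) or HTML_ENTITY.search(value):
            keys.add(key.strip())
    return keys


def calls_needing_review(templates, html_keys):
    """List (file, line, key) for calls on HTML messages with no escaping parameter."""
    findings = []
    for name, text in sorted(templates.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for call in MACRO_CALL.finditer(line):
                attrs = call.group("attrs")
                key = KEY_ATTR.search(attrs)
                if key and key.group(1) in html_keys and not ESCAPING_ATTR.search(attrs):
                    findings.append((name, lineno, key.group(1)))
    return findings
```

Each finding is a call that will now render its HTML as escaped text. Before adding escaping=false, check that the message does not also carry unchecked user input, since that parameter turns the new default protection off for that call.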
