This issue has been created
There is 1 update.
 
 
XWiki Commons / cid:jira-generated-image-avatar-8d25d43b-dd8d-4354-8e77-60927e9f6f52 XCOMMONS-3410 Open

$jsontool and $escapetool should escape < to allow safe usage in <script> tags
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-78fed199-8d42-4577-bdd6-0afd56d640ca Michael Hamann created this issue on 01/Sep/25 16:51
 
Summary: $jsontool and $escapetool should escape < to allow safe usage in <script> tags
Issue Type: cid:jira-generated-image-avatar-8d25d43b-dd8d-4354-8e77-60927e9f6f52 Bug
Affects Versions: 16.10.0
Assignee: Unassigned
Components: Velocity
Created: 01/Sep/25 16:51
Priority: cid:jira-generated-image-static-major-dc15f4bc-c4f5-4ccb-b175-fdb7e183e29f Major
Reporter: Michael Hamann
Description:

Steps to reproduce:

Create a page with the content

{{velocity}}{{html}}
<script>$jsontool.serialize({
  'closeComment': '-->',
  'closeScript': '</script>',
  'openComment': '<!--',
  'openScript': '<script>'
});
'$escapetool.javascript('<!--')';
</script>
<h1>Success! ๐ŸŽ‰</h1>
{{/html}}{{/velocity}}

Expected result:

The text "Success! ๐ŸŽ‰" is displayed on the page, the XWiki UI is displayed regularly.

Actual result:

The text isn't displayed. The panels and the footer of the wiki are missing.
 
 

1 update

 
cid:jira-generated-image-avatar-78fed199-8d42-4577-bdd6-0afd56d640ca Changes by Michael Hamann on 01/Sep/25 16:51
 
Assignee: Michael Hamann
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.