I'm not sure how the ?html got in there. Was it included in the
documentation? If so, the doc needs to be changed.
To properly sanitize html in Keycloak you should use ?no_esc with
kcSanitize. Here is an example from account.ftl:
<a
href="${url.referrerURI}">${kcSanitize(msg("backToApplication")?no_esc)}</a>
On 11/28/2018 4:32 AM, So Be wrote:
Hi,
I added some attributes to registration page by following this link
https://www.keycloak.org/docs/latest/server_development/index.html#modify...
but I got this error:
Caused by: freemarker.core.ParseException: Syntax error in template
"account.ftl" in line 54, column 171:
11/28/2018 10:22:28 AMUsing ?html (legacy escaping) is not allowed when
auto-escaping is on with a markup output format (HTML), to avoid
double-escaping mistakes.
11/28/2018 10:22:28 AM at
freemarker.core.FMParser.BuiltIn(FMParser.java:1188)
....
Best,
Sofiane.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user