[keycloak-user] Issues when modifying account.ftl

Stan Silvert ssilvert at redhat.com
Wed Nov 28 10:56:57 EST 2018


I'm not sure how the ?html got in there.  Was it included in the 
documentation?  If so, the doc needs to be changed.

To properly sanitize HTML in Keycloak you should use ?no_esc with 
kcSanitize.  Here is an example from account.ftl:

<a href="${url.referrerURI}">${kcSanitize(msg("backToApplication")?no_esc)}</a>


On 11/28/2018 4:32 AM, So Be wrote:
> Hi,
>
> I added some attributes to registration page by following this link
> https://www.keycloak.org/docs/latest/server_development/index.html#modifying-extending-the-registration-form
>
> but I got this error:
>
> Caused by: freemarker.core.ParseException: Syntax error in template
> "account.ftl" in line 54, column 171:
> 11/28/2018 10:22:28 AM Using ?html (legacy escaping) is not allowed when
> auto-escaping is on with a markup output format (HTML), to avoid
> double-escaping mistakes.
> 11/28/2018 10:22:28 AM at
> freemarker.core.FMParser.BuiltIn(FMParser.java:1188)
>
> ....
>
> Best,
>
> Sofiane.
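
A minimal reproduction of the parse error quoted above and of the two working alternatives, as an added example that is not part of the original thread or of Keycloak's code. It uses FreeMarker directly with the HTML output format and assumes FreeMarker 2.3.28 or later on the classpath; the class name, template strings and the `mobile` value are constructed, and `kcSanitize` exists only inside Keycloak, so it is not called here.

```java
import freemarker.core.HTMLOutputFormat;
import freemarker.core.ParseException;
import freemarker.template.Configuration;
import freemarker.template.Template;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;

// Added example: class name, template strings and the sample value are constructed.
public class AutoEscapeDemo {

    // Parses and renders one template string; parse errors are thrown by the constructor.
    static String render(Configuration cfg, String source, Map<String, Object> model)
            throws Exception {
        Template template = new Template("demo.ftl", new StringReader(source), cfg);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_28);
        // HTML output format turns auto-escaping on, the condition named in the error.
        cfg.setOutputFormat(HTMLOutputFormat.INSTANCE);

        // Constructed attribute value containing markup, as user-controlled input might.
        Map<String, Object> model = Map.of("mobile", "<b>555</b> & \"more\"");

        // 1. Legacy escaping: rejected at parse time while auto-escaping is on.
        try {
            render(cfg, "<input value=\"${(mobile!'')?html}\"/>", model);
        } catch (ParseException e) {
            System.out.println("?html rejected: " + e.getMessage());
        }

        // 2. Plain interpolation: FreeMarker escapes the value for HTML by itself.
        System.out.println(render(cfg, "<input value=\"${(mobile!'')}\"/>", model));

        // 3. ?no_esc: the value is written unescaped, markup included. This is why the
        //    reply pairs ?no_esc with kcSanitize rather than using it alone.
        System.out.println(render(cfg, "<span>${mobile?no_esc}</span>", model));
    }
}
```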