[keycloak-user] Issues when modifying account.ftl
Stan Silvert
ssilvert at redhat.com
Wed Nov 28 10:56:57 EST 2018
I'm not sure how the ?html got in there. Was it included in the
documentation? If so, the doc needs to be changed.
To properly sanitize html in Keycloak you should use ?no_esc with
kcSanitize. Here is an example from account.ftl:
<a
href="${url.referrerURI}">${kcSanitize(msg("backToApplication")?no_esc)}</a>
On 11/28/2018 4:32 AM, So Be wrote:
> Hi,
>
> I added some attributes to registration page by following this link
> https://www.keycloak.org/docs/latest/server_development/index.html#modifying-extending-the-registration-form
>
> but I got this error:
>
> Caused by: freemarker.core.ParseException: Syntax error in template
> "account.ftl" in line 54, column 171:
> 11/28/2018 10:22:28 AMUsing ?html (legacy escaping) is not allowed when
> auto-escaping is on with a markup output format (HTML), to avoid
> double-escaping mistakes.
> 11/28/2018 10:22:28 AM at
> freemarker.core.FMParser.BuiltIn(FMParser.java:1188)
>
> ....
>
> Best,
>
> Sofiane.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list