keycloak-aplcache
pom.xml 2(+1 -1)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl 20(+10 -10)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/login-update-profile.ftl 16(+8 -8)
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/register.ftl 20(+10 -10)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java 9(+7 -2)
diff --git a/examples/themes/src/main/resources/theme/address/account/account.ftl b/examples/themes/src/main/resources/theme/address/account/account.ftl
index ca0d1c8..49effa4 100755
--- a/examples/themes/src/main/resources/theme/address/account/account.ftl
+++ b/examples/themes/src/main/resources/theme/address/account/account.ftl
@@ -20,7 +20,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')?html}"/>
+ <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')}"/>
</div>
</div>
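Review bot: Dropping `?html` from the `value` attribute of the `username` input makes this line safe only while the template is rendered through a Configuration that has the HTML output format set; the same file copied into a theme rendered elsewhere, or run on a FreeMarker older than 2.3.24, echoes the stored username unescaped. A cheap defense in depth is to declare the format in the template itself with `<#ftl output_format="HTML" auto_esc=true>` as the very first line of the file (that line is outside this hunk), which FreeMarker 2.3.24+ honours regardless of how the Configuration was built. Keeping `?html` would also have been harmless, since under an HTML output format it yields markup output and is not double-escaped.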
@@ -30,7 +30,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')?html}"/>
+ <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')}"/>
</div>
</div>
@@ -40,7 +40,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')?html}"/>
+ <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')}"/>
</div>
</div>
@@ -50,7 +50,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')?html}"/>
+ <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')}"/>
</div>
</div>
@@ -60,7 +60,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.street" name="user.attributes.street" value="${(account.attributes.street!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.street" name="user.attributes.street" value="${(account.attributes.street!'')}"/>
</div>
</div>
<div class="form-group">
@@ -69,7 +69,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.locality" name="user.attributes.locality" value="${(account.attributes.locality!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.locality" name="user.attributes.locality" value="${(account.attributes.locality!'')}"/>
</div>
</div>
<div class="form-group">
@@ -78,7 +78,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.region" name="user.attributes.region" value="${(account.attributes.region!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.region" name="user.attributes.region" value="${(account.attributes.region!'')}"/>
</div>
</div>
<div class="form-group">
@@ -87,7 +87,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(account.attributes.postal_code!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(account.attributes.postal_code!'')}"/>
</div>
</div>
<div class="form-group">
@@ -96,14 +96,14 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.country" name="user.attributes.country" value="${(account.attributes.country!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.country" name="user.attributes.country" value="${(account.attributes.country!'')}"/>
</div>
</div>
<div class="form-group">
<div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
<div class="">
- <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")}/a></#if>
+ <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")?no_esc}/a></#if>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
</div>
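Review bot: `?no_esc` on `msg("backToApplication")` marks the entire message-bundle string as trusted HTML, which is acceptable here only because the key takes no arguments; the same suffix on a parameterised `msg("key", userValue)` would re-open XSS through the substituted argument, so the convention deserves a comment at its first use, e.g. `<#-- ?no_esc: bundle text is theme-supplied and may contain markup; never use it on a message built from user data -->`. The `href="${url.referrerURI}"` on the same line is only attribute-escaped by the new output format, not URL-validated, so a `javascript:` value would still survive; its safety rests on whatever server-side check produces `referrerURI`, which is not visible here. The closing tag on that line reads `/a>` on both sides of the diff; if that is not a rendering artefact it is a pre-existing markup bug worth correcting to `</a>` while the line is being touched.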
diff --git a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
index e02a340..e9aa007 100755
--- a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
+++ b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
@@ -11,7 +11,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" name="email" value="${(user.email!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="email" name="email" value="${(user.email!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -20,7 +20,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -29,7 +29,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -39,7 +39,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(user.attributes.street!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(user.attributes.street!'')}"/>
</div>
</div>
<div class="form-group">
@@ -48,7 +48,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(user.attributes.locality!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(user.attributes.locality!'')}"/>
</div>
</div>
<div class="form-group">
@@ -57,7 +57,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(user.attributes.region!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(user.attributes.region!'')}"/>
</div>
</div>
<div class="form-group">
@@ -66,7 +66,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(user.attributes.postal_code!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(user.attributes.postal_code!'')}"/>
</div>
</div>
<div class="form-group">
@@ -75,7 +75,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(user.attributes.country!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(user.attributes.country!'')}"/>
</div>
</div>
diff --git a/examples/themes/src/main/resources/theme/address/login/register.ftl b/examples/themes/src/main/resources/theme/address/login/register.ftl
index 3247305..deca37f 100755
--- a/examples/themes/src/main/resources/theme/address/login/register.ftl
+++ b/examples/themes/src/main/resources/theme/address/login/register.ftl
@@ -12,7 +12,7 @@
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')?html}" />
+ <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" />
</div>
</div>
</#if>
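Review bot: `value="${(register.formData.username!'')}"` echoes the raw POST body back to the browser, the classic reflected-XSS location, and this commit removes the explicit escape there without adding a test that auto-escaping is actually in effect for the registration page. A form test that submits a username such as `"><img src=x onerror=alert(1)>` and asserts the re-rendered page contains `&lt;img` and no literal `<img` would pin the behaviour the removal now silently depends on. The `<#if>` that guards this block opens before the hunk.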
@@ -21,7 +21,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')?html}" />
+ <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')}" />
</div>
</div>
@@ -30,7 +30,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')?html}" />
+ <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')}" />
</div>
</div>
@@ -39,7 +39,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')?html}" />
+ <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" />
</div>
</div>
@@ -68,7 +68,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(register.formData['user.attributes.street']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(register.formData['user.attributes.street']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -77,7 +77,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(register.formData['user.attributes.locality']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(register.formData['user.attributes.locality']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -86,7 +86,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(register.formData['user.attributes.region']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(register.formData['user.attributes.region']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -95,7 +95,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(register.formData['user.attributes.postal_code']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(register.formData['user.attributes.postal_code']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -104,7 +104,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(register.formData['user.attributes.country']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(register.formData['user.attributes.country']!'')}"/>
</div>
</div>
<#if recaptchaRequired??>
@@ -118,7 +118,7 @@
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
- <span><a href="${url.loginUrl}">${msg("backToLogin")}</a></span>
+ <span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
diff --git a/pom.xml b/pom.xml
index 22846e2..2717a52 100755
--- a/pom.xml
+++ b/pom.xml
@@ -91,11 +91,11 @@
<apacheds.version>2.0.0-M21</apacheds.version>
<apacheds.codec.version>1.0.0-M33</apacheds.codec.version>
<google.zxing.version>3.2.1</google.zxing.version>
+ <freemarker.version>2.3.26-incubating</freemarker.version>
<!-- Same version as ships with wildfly. -->
<google.guava.version>20.0</google.guava.version>
- <freemarker.version>2.3.23</freemarker.version>
<jetty9.version>9.1.0.v20131115</jetty9.version>
<liquibase.version>3.4.1</liquibase.version>
<mysql.version>5.1.29</mysql.version>
diff --git a/services/src/main/java/org/keycloak/theme/FreeMarkerUtil.java b/services/src/main/java/org/keycloak/theme/FreeMarkerUtil.java
index 5aa6628..a8b1784 100755
--- a/services/src/main/java/org/keycloak/theme/FreeMarkerUtil.java
+++ b/services/src/main/java/org/keycloak/theme/FreeMarkerUtil.java
@@ -18,6 +18,7 @@
package org.keycloak.theme;
import freemarker.cache.URLTemplateLoader;
+import freemarker.core.HTMLOutputFormat;
import freemarker.template.Configuration;
import freemarker.template.Template;
import org.keycloak.Config;
@@ -67,6 +68,13 @@ public class FreeMarkerUtil {
private Template getTemplate(String templateName, Theme theme) throws IOException {
Configuration cfg = new Configuration();
+
+ // Assume *.ftl files are html. This lets freemarker know how to
+ // sanitize and prevent XSS attacks.
+ if (templateName.toLowerCase().endsWith(".ftl")) {
+ cfg.setOutputFormat(HTMLOutputFormat.INSTANCE);
+ }
+
cfg.setTemplateLoader(new ThemeTemplateLoader(theme));
return cfg.getTemplate(templateName, "UTF-8");
}
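Review bot: Keying the output format on the `.ftl` suffix of `templateName` selects HTML escaping for every template this utility renders, including any plain-text ones (e-mail text bodies, if they share the suffix), which would then carry entities such as `&amp;` inside URLs; the test changes in this commit that post-process mail links suggest this is already being compensated for, so the choice should depend on the template's content type or directory rather than its extension alone. The comment also overstates what the call does: auto-escaping is not sanitisation, it entity-encodes `${...}` interpolations in HTML context and does nothing for `javascript:` URLs or inline script blocks. Suggest `// Render *.ftl templates with FreeMarker's HTML output format so every ${...} interpolation is HTML-escaped by default (replaces the per-expression ?html calls); templates that must emit raw markup use ?no_esc.`. Escaping here relies on the default `enable_if_default` policy of a `new Configuration()` created without an incompatible-improvements version, which FreeMarker marks deprecated; `cfg.setAutoEscapingPolicy(Configuration.ENABLE_IF_DEFAULT_AUTO_ESCAPING_POLICY);` next to the `setOutputFormat` call would make the intent explicit and survive a later constructor change.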
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl
index d2a6af1..5e83c8d 100755
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/account/account.ftl
@@ -20,7 +20,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')?html}"/>
+ <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')}"/>
</div>
</div>
@@ -30,7 +30,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')?html}"/>
+ <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')}"/>
</div>
</div>
@@ -40,7 +40,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')?html}"/>
+ <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')}"/>
</div>
</div>
@@ -50,7 +50,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')?html}"/>
+ <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')}"/>
</div>
</div>
@@ -60,7 +60,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.street" name="user.attributes.street" value="${(account.attributes.street!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.street" name="user.attributes.street" value="${(account.attributes.street!'')}"/>
</div>
</div>
<div class="form-group">
@@ -69,7 +69,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.locality" name="user.attributes.locality" value="${(account.attributes.locality!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.locality" name="user.attributes.locality" value="${(account.attributes.locality!'')}"/>
</div>
</div>
<div class="form-group">
@@ -78,7 +78,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.region" name="user.attributes.region" value="${(account.attributes.region!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.region" name="user.attributes.region" value="${(account.attributes.region!'')}"/>
</div>
</div>
<div class="form-group">
@@ -87,7 +87,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(account.attributes.postal_code!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(account.attributes.postal_code!'')}"/>
</div>
</div>
<div class="form-group">
@@ -96,14 +96,14 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="user.attributes.country" name="user.attributes.country" value="${(account.attributes.country!'')?html}"/>
+ <input type="text" class="form-control" id="user.attributes.country" name="user.attributes.country" value="${(account.attributes.country!'')}"/>
</div>
</div>
<div class="form-group">
<div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
<div class="">
- <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")}/a></#if>
+ <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")?no_esc}/a></#if>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
</div>
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/login-update-profile.ftl b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/login-update-profile.ftl
index e02a340..e9aa007 100755
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/login-update-profile.ftl
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/login-update-profile.ftl
@@ -11,7 +11,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" name="email" value="${(user.email!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="email" name="email" value="${(user.email!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -20,7 +20,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -29,7 +29,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -39,7 +39,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(user.attributes.street!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(user.attributes.street!'')}"/>
</div>
</div>
<div class="form-group">
@@ -48,7 +48,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(user.attributes.locality!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(user.attributes.locality!'')}"/>
</div>
</div>
<div class="form-group">
@@ -57,7 +57,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(user.attributes.region!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(user.attributes.region!'')}"/>
</div>
</div>
<div class="form-group">
@@ -66,7 +66,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(user.attributes.postal_code!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(user.attributes.postal_code!'')}"/>
</div>
</div>
<div class="form-group">
@@ -75,7 +75,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(user.attributes.country!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(user.attributes.country!'')}"/>
</div>
</div>
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/register.ftl b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/register.ftl
index 3247305..deca37f 100755
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/register.ftl
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/theme/address/login/register.ftl
@@ -12,7 +12,7 @@
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')?html}" />
+ <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" />
</div>
</div>
</#if>
@@ -21,7 +21,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')?html}" />
+ <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')}" />
</div>
</div>
@@ -30,7 +30,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')?html}" />
+ <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')}" />
</div>
</div>
@@ -39,7 +39,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')?html}" />
+ <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" />
</div>
</div>
@@ -68,7 +68,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(register.formData['user.attributes.street']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.street" name="user.attributes.street" value="${(register.formData['user.attributes.street']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -77,7 +77,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(register.formData['user.attributes.locality']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.locality" name="user.attributes.locality" value="${(register.formData['user.attributes.locality']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -86,7 +86,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(register.formData['user.attributes.region']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.region" name="user.attributes.region" value="${(register.formData['user.attributes.region']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -95,7 +95,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(register.formData['user.attributes.postal_code']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.postal_code" name="user.attributes.postal_code" value="${(register.formData['user.attributes.postal_code']!'')}"/>
</div>
</div>
<div class="form-group">
@@ -104,7 +104,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(register.formData['user.attributes.country']!'')?html}"/>
+ <input type="text" class="${properties.kcInputClass!}" id="user.attributes.country" name="user.attributes.country" value="${(register.formData['user.attributes.country']!'')}"/>
</div>
</div>
<#if recaptchaRequired??>
@@ -118,7 +118,7 @@
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
- <span><a href="${url.loginUrl}">${msg("backToLogin")}</a></span>
+ <span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index c5147b9..bc4379e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -439,7 +439,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
MimeMessage message = greenMail.getReceivedMessages()[0];
- String changePasswordUrl = getPasswordResetEmailLink(message);
+ String changePasswordUrl = getPasswordResetEmailLink(message).replace("&", "&");
setTimeOffset(70);
@@ -735,7 +735,12 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
assertEquals("text/html; charset=UTF-8", htmlContentType);
final String htmlBody = (String) multipart.getBodyPart(1).getContent();
- final String htmlChangePwdUrl = MailUtils.getLink(htmlBody);
+
+ // .replace() accounts for escaping the ampersand
+ // It's not escaped in the html version because html retrieved from a
+ // message bundle is considered safe and it must be unescaped to display
+ // properly.
+ final String htmlChangePwdUrl = MailUtils.getLink(htmlBody).replace("&", "&");
assertEquals(htmlChangePwdUrl, textChangePwdUrl);
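Review bot: As shown, `.replace("&", "&")` on `htmlChangePwdUrl` replaces a string with itself and so compensates for nothing; if the intent is to undo HTML escaping of `&`, the first argument must be the entity `&amp;` (possibly lost in this rendering), and the decoding belongs once in `MailUtils.getLink` or a shared unescape helper rather than in each caller. The new comment also contradicts the code: it says the link is not escaped in the HTML version while the code decodes precisely the HTML version. If the HTML mail body is now rendered with auto-escaping, as the rest of the commit implies, a comment such as `// The HTML body is auto-escaped by FreeMarker, so '&' inside the link arrives as '&amp;'; decode it before comparing with the plain-text link.` would describe what is actually happening. Replacing one entity only means a link containing any other escaped character would still fail the equality.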
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index c854e1e..e977aef 100755
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -356,7 +356,12 @@ public abstract class AbstractIdentityProviderTest {
assertEquals("text/html; charset=UTF-8", htmlContentType);
final String htmlBody = (String) multipart.getBodyPart(1).getContent();
- final String htmlVerificationUrl = MailUtil.getLink(htmlBody);
+
+ // .replace() accounts for escaping the ampersand
+ // It's not escaped in the html version because html retrieved from a
+ // message bundle is considered safe and it must be unescaped to display
+ // properly.
+ final String htmlVerificationUrl = MailUtil.getLink(htmlBody).replace("&", "&");
assertEquals(htmlVerificationUrl, textVerificationUrl);
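Review bot: `.replace("&", "&")` on `htmlVerificationUrl` is, as rendered here, a no-op, so the decoding it is meant to perform hinges on the first argument really being `&amp;` in the source; that should be checked, and the bare string replacement is brittle against any other escaped character in the link. The three-line justification above it says the HTML version is not escaped while the code decodes the HTML version, so the comment should be rewritten to state the actual reason, e.g. `// The HTML body is auto-escaped, so '&' in the link is '&amp;'; decode before comparing with the text body.`. Moving the decode into `MailUtil.getLink` (or a `MailUtil.unescapeLink`) would keep this test and its siblings in step.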
diff --git a/themes/src/main/resources/theme/base/account/account.ftl b/themes/src/main/resources/theme/base/account/account.ftl
index 08433f8..2fc3bdb 100755
--- a/themes/src/main/resources/theme/base/account/account.ftl
+++ b/themes/src/main/resources/theme/base/account/account.ftl
@@ -12,7 +12,7 @@
<form action="${url.accountUrl}" class="form-horizontal" method="post">
- <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker?html}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<#if !realm.registrationEmailAsUsername>
<div class="form-group ${messagesPerField.printIfExists('username','has-error')}">
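Review bot: `stateChecker` is the anti-CSRF token for the account form, and after this change it is written into the hidden input with no explicit escaping, so the integrity of that attribute now rests entirely on the HTML output format being configured for the theme that renders this file. That is fine as long as the token is server-generated from attribute-safe characters, which this hunk cannot show; a short note would stop the next editor from reading the bare interpolation as an oversight, e.g. `<#-- no ?html needed: this theme is rendered with FreeMarker's HTML output format, which escapes every ${...} -->`. The `<form>` opened on the first context line continues past the hunk.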
@@ -21,7 +21,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')?html}"/>
+ <input type="text" class="form-control" id="username" name="username" <#if !realm.editUsernameAllowed>disabled="disabled"</#if> value="${(account.username!'')}"/>
</div>
</div>
</#if>
@@ -32,7 +32,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')?html}"/>
+ <input type="text" class="form-control" id="email" name="email" autofocus value="${(account.email!'')}"/>
</div>
</div>
@@ -42,7 +42,7 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')?html}"/>
+ <input type="text" class="form-control" id="firstName" name="firstName" value="${(account.firstName!'')}"/>
</div>
</div>
@@ -52,14 +52,14 @@
</div>
<div class="col-sm-10 col-md-10">
- <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')?html}"/>
+ <input type="text" class="form-control" id="lastName" name="lastName" value="${(account.lastName!'')}"/>
</div>
</div>
<div class="form-group">
<div id="kc-form-buttons" class="col-md-offset-2 col-md-10 submit">
<div class="">
- <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")}/a></#if>
+ <#if url.referrerURI??><a href="${url.referrerURI}">${msg("backToApplication")?no_esc}/a></#if>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Save">${msg("doSave")}</button>
<button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="submitAction" value="Cancel">${msg("doCancel")}</button>
</div>
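Review bot: With `?html` dropped from every `value="${(account.…!'')}"` in this file, escaping of user-supplied profile fields now depends entirely on the FreeMarker Configuration enabling HTML auto-escaping for these templates, which this diff does not show. If the FreeMarker version now in use supports it, consider stating the contract at the top of the template (outside this hunk) with `<#ftl output_format="HTML" auto_esc=true>`, so a custom theme or a differently configured Configuration cannot silently render these fields raw. Also, the new line `${msg("backToApplication")?no_esc}/a>` as shown closes the anchor with `/a>` rather than `</a>`; if that is in the file and not a rendering artifact of this page, the tag is never closed.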
diff --git a/themes/src/main/resources/theme/base/account/applications.ftl b/themes/src/main/resources/theme/base/account/applications.ftl
index 45a253a..50c2b04 100755
--- a/themes/src/main/resources/theme/base/account/applications.ftl
+++ b/themes/src/main/resources/theme/base/account/applications.ftl
@@ -8,8 +8,8 @@
</div>
<form action="${url.revokeClientUrl}" method="post">
- <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker?html}">
- <input type="hidden" id="referrer" name="referrer" value="${stateChecker?html}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
+ <input type="hidden" id="referrer" name="referrer" value="${stateChecker}">
<table class="table table-striped table-bordered">
<thead>
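Review bot: The hidden `referrer` input on the new side is still populated with `${stateChecker}`, so the form posts the CSRF state token under the `referrer` name instead of a referrer value. This predates the commit, but since the line is being rewritten it is worth fixing; presumably something like `value="${referrer!''}"`, though the variable the account pages use for the return location is not visible in this diff. Emitting the state token twice is harmless on its own, but whatever reads `referrer` server-side receives a token where it expects a URL.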
diff --git a/themes/src/main/resources/theme/base/account/password.ftl b/themes/src/main/resources/theme/base/account/password.ftl
index 5df2118..26b21ea 100755
--- a/themes/src/main/resources/theme/base/account/password.ftl
+++ b/themes/src/main/resources/theme/base/account/password.ftl
@@ -26,7 +26,7 @@
</div>
</#if>
- <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker?html}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<div class="form-group">
<div class="col-sm-2 col-md-2">
diff --git a/themes/src/main/resources/theme/base/account/template.ftl b/themes/src/main/resources/theme/base/account/template.ftl
index bc59407..f7587f9 100644
--- a/themes/src/main/resources/theme/base/account/template.ftl
+++ b/themes/src/main/resources/theme/base/account/template.ftl
@@ -20,7 +20,7 @@
</#if>
</head>
<body class="admin-console user ${bodyClass}">
-
+
<header class="navbar navbar-default navbar-pf navbar-main header">
<nav class="navbar" role="navigation">
<div class="navbar-header">
@@ -43,8 +43,8 @@
</div>
<li>
</#if>
- <#if referrer?has_content && referrer.url?has_content><li><a href="${referrer.url?html}" id="referrer">${msg("backTo",referrer.name?html)}</a></li></#if>
- <li><a href="${url.logoutUrl?html}">${msg("doSignOut")}</a></li>
+ <#if referrer?has_content && referrer.url?has_content><li><a href="${referrer.url}" id="referrer">${msg("backTo",referrer.name)}</a></li></#if>
+ <li><a href="${url.logoutUrl}">${msg("doSignOut")}</a></li>
</ul>
</div>
</div>
diff --git a/themes/src/main/resources/theme/base/account/totp.ftl b/themes/src/main/resources/theme/base/account/totp.ftl
index f02ef2c..30b2d40 100755
--- a/themes/src/main/resources/theme/base/account/totp.ftl
+++ b/themes/src/main/resources/theme/base/account/totp.ftl
@@ -29,7 +29,7 @@
<ol>
<li>
- <p>${msg("totpStep1")}</p>
+ <p>${msg("totpStep1")?no_esc}</p>
</li>
<li>
<p>${msg("totpStep2")}</p>
@@ -44,7 +44,7 @@
<hr/>
<form action="${url.totpUrl}" class="form-horizontal" method="post">
- <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker?html}">
+ <input type="hidden" id="stateChecker" name="stateChecker" value="${stateChecker}">
<div class="form-group">
<div class="col-sm-2 col-md-2">
<label for="totp" class="control-label">${msg("authenticatorCode")}</label>
diff --git a/themes/src/main/resources/theme/base/email/html/email-test.ftl b/themes/src/main/resources/theme/base/email/html/email-test.ftl
index 604415d..d5d18b7 100644
--- a/themes/src/main/resources/theme/base/email/html/email-test.ftl
+++ b/themes/src/main/resources/theme/base/email/html/email-test.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("emailTestBodyHtml",realmName)}
+${msg("emailTestBodyHtml",realmName)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/email-verification.ftl b/themes/src/main/resources/theme/base/email/html/email-verification.ftl
index eb7682a..b2142ef 100644
--- a/themes/src/main/resources/theme/base/email/html/email-verification.ftl
+++ b/themes/src/main/resources/theme/base/email/html/email-verification.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("emailVerificationBodyHtml",link, linkExpiration, realmName)}
+${msg("emailVerificationBodyHtml",link, linkExpiration, realmName)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/event-login_error.ftl b/themes/src/main/resources/theme/base/email/html/event-login_error.ftl
index d314103..68ba81d 100644
--- a/themes/src/main/resources/theme/base/email/html/event-login_error.ftl
+++ b/themes/src/main/resources/theme/base/email/html/event-login_error.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("eventLoginErrorBodyHtml",event.date,event.ipAddress)}
+${msg("eventLoginErrorBodyHtml",event.date,event.ipAddress)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/event-remove_totp.ftl b/themes/src/main/resources/theme/base/email/html/event-remove_totp.ftl
index 91699ea..e5ddadb 100644
--- a/themes/src/main/resources/theme/base/email/html/event-remove_totp.ftl
+++ b/themes/src/main/resources/theme/base/email/html/event-remove_totp.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("eventRemoveTotpBodyHtml",event.date, event.ipAddress)}
+${msg("eventRemoveTotpBodyHtml",event.date, event.ipAddress)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/event-update_password.ftl b/themes/src/main/resources/theme/base/email/html/event-update_password.ftl
index 8a6da60..dd5fda3 100644
--- a/themes/src/main/resources/theme/base/email/html/event-update_password.ftl
+++ b/themes/src/main/resources/theme/base/email/html/event-update_password.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("eventUpdatePasswordBodyHtml",event.date, event.ipAddress)}
+${msg("eventUpdatePasswordBodyHtml",event.date, event.ipAddress)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/event-update_totp.ftl b/themes/src/main/resources/theme/base/email/html/event-update_totp.ftl
index c0190c7..050abab 100644
--- a/themes/src/main/resources/theme/base/email/html/event-update_totp.ftl
+++ b/themes/src/main/resources/theme/base/email/html/event-update_totp.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("eventUpdateTotpBodyHtml",event.date, event.ipAddress)}
+${msg("eventUpdateTotpBodyHtml",event.date, event.ipAddress)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/executeActions.ftl b/themes/src/main/resources/theme/base/email/html/executeActions.ftl
index 3af8d55..509f617 100755
--- a/themes/src/main/resources/theme/base/email/html/executeActions.ftl
+++ b/themes/src/main/resources/theme/base/email/html/executeActions.ftl
@@ -3,6 +3,6 @@
</#assign>
<html>
<body>
-${msg("executeActionsBodyHtml",link, linkExpiration, realmName, requiredActionsText)}
+${msg("executeActionsBodyHtml",link, linkExpiration, realmName, requiredActionsText)?no_esc}
</body>
</html>
diff --git a/themes/src/main/resources/theme/base/email/html/identity-provider-link.ftl b/themes/src/main/resources/theme/base/email/html/identity-provider-link.ftl
index 9c2db80..31bddbe 100644
--- a/themes/src/main/resources/theme/base/email/html/identity-provider-link.ftl
+++ b/themes/src/main/resources/theme/base/email/html/identity-provider-link.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("identityProviderLinkBodyHtml", identityProviderAlias, realmName, identityProviderContext.username, link, linkExpiration)}
+${msg("identityProviderLinkBodyHtml", identityProviderAlias, realmName, identityProviderContext.username, link, linkExpiration)?no_esc}
</body>
</html>
\ No newline at end of file
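Review bot: `identityProviderContext.username` is formatted into `identityProviderLinkBodyHtml` and the whole result is emitted with `?no_esc`, so a username supplied by the external identity provider lands in the HTML email unescaped unless `msg` escapes its arguments before formatting, which is not visible here. The same applies to `link`, `identityProviderAlias` and `realmName`, though those are server- or admin-controlled rather than attacker-influenced. If `msg` does not escape its arguments, the username should be HTML-escaped before it is placed in the template model, and a test sending a link email for a brokered user whose name contains `<script>` would pin that down.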
diff --git a/themes/src/main/resources/theme/base/email/html/password-reset.ftl b/themes/src/main/resources/theme/base/email/html/password-reset.ftl
index 846b45d..edbc888 100755
--- a/themes/src/main/resources/theme/base/email/html/password-reset.ftl
+++ b/themes/src/main/resources/theme/base/email/html/password-reset.ftl
@@ -1,5 +1,5 @@
<html>
<body>
-${msg("passwordResetBodyHtml",link, linkExpiration, realmName)}
+${msg("passwordResetBodyHtml",link, linkExpiration, realmName)?no_esc}
</body>
</html>
\ No newline at end of file
diff --git a/themes/src/main/resources/theme/base/login/error.ftl b/themes/src/main/resources/theme/base/login/error.ftl
index c069e26..84ff388 100755
--- a/themes/src/main/resources/theme/base/login/error.ftl
+++ b/themes/src/main/resources/theme/base/login/error.ftl
@@ -3,12 +3,12 @@
<#if section = "title">
${msg("errorTitle")}
<#elseif section = "header">
- ${msg("errorTitleHtml")}
+ ${msg("errorTitleHtml")?no_esc}
<#elseif section = "form">
<div id="kc-error-message">
<p class="instruction">${message.summary}</p>
<#if client?? && client.baseUrl?has_content>
- <p><a id="backToApplication" href="${client.baseUrl}">${msg("backToApplication")}</a></p>
+ <p><a id="backToApplication" href="${client.baseUrl}">${msg("backToApplication")?no_esc}</a></p>
</#if>
</div>
</#if>
diff --git a/themes/src/main/resources/theme/base/login/info.ftl b/themes/src/main/resources/theme/base/login/info.ftl
index c9e197b..2fddf88 100755
--- a/themes/src/main/resources/theme/base/login/info.ftl
+++ b/themes/src/main/resources/theme/base/login/info.ftl
@@ -10,11 +10,11 @@
<#if skipLink??>
<#else>
<#if pageRedirectUri??>
- <p><a href="${pageRedirectUri}">${msg("backToApplication")}</a></p>
+ <p><a href="${pageRedirectUri}">${msg("backToApplication")?no_esc}</a></p>
<#elseif actionUri??>
- <p><a href="${actionUri}">${msg("proceedWithAction")}</a></p>
+ <p><a href="${actionUri}">${msg("proceedWithAction")?no_esc}</a></p>
<#elseif client.baseUrl??>
- <p><a href="${client.baseUrl}">${msg("backToApplication")}</a></p>
+ <p><a href="${client.baseUrl}">${msg("backToApplication")?no_esc}</a></p>
</#if>
</#if>
</div>
diff --git a/themes/src/main/resources/theme/base/login/login.ftl b/themes/src/main/resources/theme/base/login/login.ftl
index c7af616..ab1eab9 100755
--- a/themes/src/main/resources/theme/base/login/login.ftl
+++ b/themes/src/main/resources/theme/base/login/login.ftl
@@ -3,7 +3,7 @@
<#if section = "title">
${msg("loginTitle",(realm.displayName!''))}
<#elseif section = "header">
- ${msg("loginTitleHtml",(realm.displayNameHtml!''))}
+ ${msg("loginTitleHtml",(realm.displayNameHtml!''))?no_esc}
<#elseif section = "form">
<#if realm.password>
<form id="kc-form-login" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
@@ -14,9 +14,9 @@
<div class="${properties.kcInputWrapperClass!}">
<#if usernameEditDisabled??>
- <input tabindex="1" id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')?html}" type="text" disabled />
+ <input tabindex="1" id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')}" type="text" disabled />
<#else>
- <input tabindex="1" id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')?html}" type="text" autofocus autocomplete="off" />
+ <input tabindex="1" id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')}" type="text" autofocus autocomplete="off" />
</#if>
</div>
</div>
diff --git a/themes/src/main/resources/theme/base/login/login-config-totp.ftl b/themes/src/main/resources/theme/base/login/login-config-totp.ftl
index 0515c27..ea2d6b0 100755
--- a/themes/src/main/resources/theme/base/login/login-config-totp.ftl
+++ b/themes/src/main/resources/theme/base/login/login-config-totp.ftl
@@ -7,7 +7,7 @@
<#elseif section = "form">
<ol id="kc-totp-settings">
<li>
- <p>${msg("loginTotpStep1")}</p>
+ <p>${msg("loginTotpStep1")?no_esc}</p>
</li>
<li>
<p>${msg("loginTotpStep2")}</p>
diff --git a/themes/src/main/resources/theme/base/login/login-oauth-grant.ftl b/themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
index edafc66..dc423c4 100755
--- a/themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
+++ b/themes/src/main/resources/theme/base/login/login-oauth-grant.ftl
@@ -3,7 +3,7 @@
<#if section = "title">
${msg("oauthGrantTitle")}
<#elseif section = "header">
- ${msg("oauthGrantTitleHtml",(realm.displayNameHtml!''))} <strong><#if client.name??>${advancedMsg(client.name)}<#else>${client.clientId}</#if></strong>.
+ ${msg("oauthGrantTitleHtml",(realm.displayNameHtml!''))?no_esc} <strong><#if client.name??>${advancedMsg(client.name)}<#else>${client.clientId}</#if></strong>.
<#elseif section = "form">
<div id="kc-oauth" class="content-area">
<h3>${msg("oauthGrantRequest")}</h3>
diff --git a/themes/src/main/resources/theme/base/login/login-reset-password.ftl b/themes/src/main/resources/theme/base/login/login-reset-password.ftl
index a0d118a..a6c1568 100755
--- a/themes/src/main/resources/theme/base/login/login-reset-password.ftl
+++ b/themes/src/main/resources/theme/base/login/login-reset-password.ftl
@@ -18,7 +18,7 @@
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
- <span><a href="${url.loginUrl}">${msg("backToLogin")}</a></span>
+ <span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
diff --git a/themes/src/main/resources/theme/base/login/login-totp.ftl b/themes/src/main/resources/theme/base/login/login-totp.ftl
index f7068a6..d0450e2 100755
--- a/themes/src/main/resources/theme/base/login/login-totp.ftl
+++ b/themes/src/main/resources/theme/base/login/login-totp.ftl
@@ -3,7 +3,7 @@
<#if section = "title">
${msg("loginTitle",realm.displayName)}
<#elseif section = "header">
- ${msg("loginTitleHtml",realm.displayNameHtml)}
+ ${msg("loginTitleHtml",realm.displayNameHtml)?no_esc}
<#elseif section = "form">
<form id="kc-totp-login-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<div class="${properties.kcFormGroupClass!}">
diff --git a/themes/src/main/resources/theme/base/login/login-update-profile.ftl b/themes/src/main/resources/theme/base/login/login-update-profile.ftl
index 458884c..c57c877 100755
--- a/themes/src/main/resources/theme/base/login/login-update-profile.ftl
+++ b/themes/src/main/resources/theme/base/login/login-update-profile.ftl
@@ -12,7 +12,7 @@
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="username" name="username" value="${(user.username!'')?html}" class="${properties.kcInputClass!}"/>
+ <input type="text" id="username" name="username" value="${(user.username!'')}" class="${properties.kcInputClass!}"/>
</div>
</div>
</#if>
@@ -21,7 +21,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" name="email" value="${(user.email!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="email" name="email" value="${(user.email!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -30,7 +30,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
@@ -39,7 +39,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')?html}" class="${properties.kcInputClass!}" />
+ <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}" class="${properties.kcInputClass!}" />
</div>
</div>
diff --git a/themes/src/main/resources/theme/base/login/login-x509-info.ftl b/themes/src/main/resources/theme/base/login/login-x509-info.ftl
index 8bd0dfc..b23085a 100644
--- a/themes/src/main/resources/theme/base/login/login-x509-info.ftl
+++ b/themes/src/main/resources/theme/base/login/login-x509-info.ftl
@@ -3,7 +3,7 @@
<#if section = "title">
${msg("loginTitle",(realm.displayName!''))}
<#elseif section = "header">
- ${msg("loginTitleHtml",(realm.displayNameHtml!''))}
+ ${msg("loginTitleHtml",(realm.displayNameHtml!''))?no_esc}
<#elseif section = "form">
<form id="kc-x509-login-info" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
@@ -14,7 +14,7 @@
</div>
<#if subjectDN??>
<div class="${properties.kcLabelWrapperClass!}">
- <label id="certificate_subjectDN" class="${properties.kcLabelClass!}">${(subjectDN!"")?html}</label>
+ <label id="certificate_subjectDN" class="${properties.kcLabelClass!}">${(subjectDN!"")}</label>
</div>
<#else>
<div class="${properties.kcLabelWrapperClass!}">
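Review bot: `${(subjectDN!"")}` now renders the client certificate's subject DN with no explicit escaping; the DN is largely chosen by the certificate subject or its CA and its attributes can contain `<`, `"` and `&`, so this line is safe only if HTML auto-escaping is enabled for the login theme's Configuration, which the diff does not show. Worth covering with a test that authenticates with a certificate whose CN contains `<script>` and asserts the rendered label contains `&lt;script&gt;`.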
@@ -30,7 +30,7 @@
<label for="username" class="${properties.kcLabelClass!}">You will be logged in as:</label>
</div>
<div class="${properties.kcLabelWrapperClass!}">
- <label id="username" class="${properties.kcLabelClass!}">${(username!'')?html}</label>
+ <label id="username" class="${properties.kcLabelClass!}">${(username!'')}</label>
</div>
</#if>
diff --git a/themes/src/main/resources/theme/base/login/register.ftl b/themes/src/main/resources/theme/base/login/register.ftl
index 855bd9d..f7d0dbd 100755
--- a/themes/src/main/resources/theme/base/login/register.ftl
+++ b/themes/src/main/resources/theme/base/login/register.ftl
@@ -3,7 +3,7 @@
<#if section = "title">
${msg("registerWithTitle",(realm.displayName!''))}
<#elseif section = "header">
- ${msg("registerWithTitleHtml",(realm.displayNameHtml!''))}
+ ${msg("registerWithTitleHtml",(realm.displayNameHtml!''))?no_esc}
<#elseif section = "form">
<form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;">
@@ -15,7 +15,7 @@
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')?html}" />
+ <input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" />
</div>
</div>
</#if>
@@ -24,7 +24,7 @@
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')?html}" />
+ <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName" value="${(register.formData.firstName!'')}" />
</div>
</div>
@@ -33,7 +33,7 @@
<label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')?html}" />
+ <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName" value="${(register.formData.lastName!'')}" />
</div>
</div>
@@ -42,7 +42,7 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')?html}" />
+ <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" />
</div>
</div>
@@ -77,7 +77,7 @@
<div class="${properties.kcFormGroupClass!}">
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
- <span><a href="${url.loginUrl}">${msg("backToLogin")}</a></span>
+ <span><a href="${url.loginUrl}">${msg("backToLogin")?no_esc}</a></span>
</div>
</div>
diff --git a/themes/src/main/resources/theme/base/login/template.ftl b/themes/src/main/resources/theme/base/login/template.ftl
index 0ff628d..d4bb937 100755
--- a/themes/src/main/resources/theme/base/login/template.ftl
+++ b/themes/src/main/resources/theme/base/login/template.ftl
@@ -66,7 +66,7 @@
<#if message.type = 'warning'><span class="${properties.kcFeedbackWarningIcon!}"></span></#if>
<#if message.type = 'error'><span class="${properties.kcFeedbackErrorIcon!}"></span></#if>
<#if message.type = 'info'><span class="${properties.kcFeedbackInfoIcon!}"></span></#if>
- <span class="kc-feedback-text">${message.summary}</span>
+ <span class="kc-feedback-text">${message.summary?no_esc}</span>
</div>
</div>
</#if>
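Review bot: `${message.summary?no_esc}` turns the feedback message into trusted HTML, while `error.ftl` in this same diff renders the same `message.summary` escaped; the two should agree. Whether this is safe depends on whether any parameter formatted into the summary can be influenced by the request (a client id, a parameter name, a username echoed back in an error), which is not visible here; if any can, this span is a reflected-XSS sink. Unless bundle messages genuinely need markup here, prefer `${message.summary}` and let auto-escaping apply, or escape the parameters before they are formatted into the summary.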
diff --git a/themes/src/main/resources/theme/base/login/terms.ftl b/themes/src/main/resources/theme/base/login/terms.ftl
index 58f4445..6762081 100755
--- a/themes/src/main/resources/theme/base/login/terms.ftl
+++ b/themes/src/main/resources/theme/base/login/terms.ftl
@@ -6,7 +6,7 @@
${msg("termsTitleHtml")}
<#elseif section = "form">
<div id="kc-terms-text">
- ${msg("termsText")}
+ ${msg("termsText")?no_esc}
</div>
<form class="form-actions" action="${url.loginAction}" method="POST">
<input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="accept" id="kc-accept" type="submit" value="${msg("doAccept")}"/>
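Review bot: `${msg("termsTitleHtml")}` on the unchanged context line above still has no `?no_esc`, while every other `*Html` bundle key touched in this diff (`errorTitleHtml`, `loginTitleHtml`, `registerWithTitleHtml`) gets one; with auto-escaping on, the terms page header will now show its markup literally. Change it to `${msg("termsTitleHtml")?no_esc}` for consistency. More generally, `?no_esc` on bundle text is only as safe as the bundle: if message bundles can be overridden per realm through the admin API or by a deployed custom theme, each `?no_esc` is an HTML injection point for whoever controls that text, and a comment at the top of the file naming that assumption would help the next maintainer.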
diff --git a/themes/src/main/resources/theme/keycloak-preview/account/index.ftl b/themes/src/main/resources/theme/keycloak-preview/account/index.ftl
index e000b2f..9ce901c 100644
--- a/themes/src/main/resources/theme/keycloak-preview/account/index.ftl
+++ b/themes/src/main/resources/theme/keycloak-preview/account/index.ftl
@@ -11,7 +11,7 @@
<#if referrer??>
var referrer = '${referrer}';
- var referrer_uri = '${referrer_uri?html}';
+ var referrer_uri = '${referrer_uri}';
</#if>
<#if msg??>