Issue
-
-
Create an example structure with the following associated template:
<#ftl output_format="HTML" auto_esc=false><p>-----------------</p>This should't be escaped: ${'&'}<p>-----------------</p>This should be escaped as: ${'&'?esc}-
Create an article with the created structure and template.
-
Create a Content page with a Web Content Display portlet and select the created article.
-
Do the same with a widget page.
-
View the source code of each page
-
Result: In the content page HTML the characters are always escaped:
<p>-----------------</p>
This should't be escaped: &
<p>-----------------</p>
This should be escaped as: &
Environment
- Liferay 7.4 U44+
- Quarterly Release
Resolution
- The behavior is a current limitation of Content Pages.
- Content Pages use JSoup library during the fragment rendering. You can check the JSoup demo page, where you will be able to see the parsed "&" character.
- Unfortunately JSoup is not configurable to not parse the ampersand character.
- We are analyzing possible solutions under this Feature Request:: LPD-252.
- In the meantime we can only suggest to generate friendly urls without an ampersand to workaround this issue.
Additional Information
- Due to known security vulnerabilities we had to upgrade the JSoup library: LPE-17625
- The new library was introduced in Update 44, so you might experience different behaviors before and after this Update.