Vulnerability in EPiServer.Forms
Is it just me, or does the scheduled job log no longer support HTML in the status message?
Screenshot is of a log from Episerver Find with a number of error messages. Normally, these would appear on separate rows, but now we see the actual HTML () tags instead:
You're not alone. Did You find any workaround?
A temporary workaround is to remove Server.HtmlEncode in DatabaseJob.aspx.
I'll submit a bug report, althought I suspect EPiServer won't view it as a bug.
Another is to instead generate an html file on disk and then only output the link in summary above. Make sure to consider access rights to logs in that case though :)
It appears to be an overzealous refactoring. I have created a bug to revert that change; this is the bug number http://world.episerver.com/support/bug-list/bug/CMS-3724 (once it propagates to world).