Vulnerability in EPiServer.Forms
I have a HTML-comment like this:
When this renders, I get this:
This is highly amusing. :) This is placed inside of a template page. If I move this to an ordinary, plain and simple ASPX-page it renders perfectly! Does anyone know if EPiServer somehow tries to parse the HTML for links or such?
Yes for WebForms EPiServer CMS parses the outgoing HTML stream for rewriting of links from internall to external (FURL) format. It is possible programatically to disable HTML parsing for a specific template (with consequence that any links on that template will be in internal format). Let me know if you want to disable HTML parsing for that template then I can look up how to do that (I cant remember how that is done off the top of my head)