gustafn
committed
on 03 Jul 15
- fix subtle quoting bug: the substitution of
 #package_key.message_key# happens via regex on the resulting page
 late in the layout process. When a message contains %-substitution
 variables, at least these values have to be html-escaped.
 The bug showed up e.g. on OpenACS.org in the forums, when
 a subject line contained a double quote (e.g. in the .LRN Q&A forum,
 message "My applet doesn't appear ..."). Since the layout is produced
 via

                <a href="@messages.message_url@" title="#forums.goto_thread_subject#">

 and the message key is defined as

                Go to thread %messages.subject%

 the HTML title attribute was terminated prematurely by the double
 quote of the subject line and the remainder was invalid HTML.

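The failure mode described in the commit message, modelled as an added Python example (not OpenACS code and not part of the commit): a late regex pass expands the message key inside an already rendered attribute, once with raw %-variable values and once with html-escaped ones. The `render` function, the catalog dictionary, the URL and the subject value are constructed for illustration; only the template line and the message text come from the commit message.

```python
import html
import re
from html.parser import HTMLParser

# Template line and message text as quoted in the commit message.
TEMPLATE = '<a href="@messages.message_url@" title="#forums.goto_thread_subject#">'
CATALOG = {"forums.goto_thread_subject": "Go to thread %messages.subject%"}
# Constructed row values (assumptions, not real forum data).
ROW = {
    "messages.message_url": "message-view?message_id=1",
    "messages.subject": 'My "calendar" applet doesn\'t appear',
}

def render(template, values, escape_vars):
    """Model of the two passes: @var@ first, then #key# by regex on the result."""
    page = re.sub(r"@([\w.]+)@",
                  lambda m: html.escape(values[m.group(1)]), template)

    def expand_message(m):
        def fill(v):
            value = values[v.group(1)]
            # The fix: escape %-variable values before they land in the page.
            return html.escape(value, quote=True) if escape_vars else value
        return re.sub(r"%([\w.]+)%", fill, CATALOG[m.group(1)])

    # Late pass: by now nothing records that the key sits inside an attribute.
    return re.sub(r"#([\w-]+\.[\w-]+)#", expand_message, page)

class AnchorAttrs(HTMLParser):
    """Collects the attributes of the first <a> tag as a parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = attrs

def anchor_attrs(markup):
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs

def title_of(markup):
    return dict(anchor_attrs(markup)).get("title")

if __name__ == "__main__":
    for escaped in (False, True):
        print(escaped, anchor_attrs(render(TEMPLATE, ROW, escaped)))
```

In the unescaped run the parser reports a truncated `title` followed by stray attributes built from the rest of the subject; in the escaped run it reports exactly `href` and `title`.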