Posts about FreeMarker
If untrusted values are not correctly escaped when included in web page markup, they can easily make the site susceptible to attacks. To reduce the risk of developer mistakes, many template engines can take care of escaping by default. The FreeMarker template engine is no exception. Unfortunately, the default Hippo CMS configuration doesn't enable automatic escaping in FreeMarker templates.
FreeMarker, the Hippo CMS template language, includes special directives for working with sequences. Additional built-ins can be used to get more information about the loop variable. However, I've noticed that they don't always work.
In Hippo CMS, a page is generated from a hierarchy of FreeMarker templates. Child contents can inject content into other parts of the root page using head contributions. In this post, I'm listing some restrictions which apply when using them.