@sgiehl
opened this Pull Request on June 16th 2020
@sgiehl
checked with website titles like <b>test</b> or {{CONSTRUCTOR.CONSTRUCTOR("_X()")()}} if removing the escape opens up some html or angular execution, but seems the content is still encoded once.
fixes #16072
This Pull Request was closed on July 5th 2020