XWIKI-17374: Fix escaping in property displayer

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/objects/classes/ListClass.java

@@ -738,11 +738,11 @@ public void displayView(StringBuffer buffer, String name, String prefix, BaseCol
             selectlist = ((ListProperty) prop).getList();
             List<String> newlist = new ArrayList<>();
             for (String value : selectlist) {
-                newlist.add(XMLUtils.minimalEscape(getDisplayValue(value, name, map, context)));
+                newlist.add(XMLUtils.escapeElementText(getDisplayValue(value, name, map, context)));
             }
             buffer.append(StringUtils.join(newlist, separator));
         } else {
-            buffer.append(XMLUtils.minimalEscape(getDisplayValue(prop.getValue(), name, map, context)));
+            buffer.append(XMLUtils.escapeElementText(getDisplayValue(prop.getValue(), name, map, context)));
         }
     }
 

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/objects/classes/StringClass.java

@@ -128,13 +128,23 @@ public void displayEdit(StringBuffer buffer, String name, String prefix, BaseCol
     public void displayView(StringBuffer buffer, String name, String prefix, BaseCollection object,
         XWikiContext context)
     {
-        BaseProperty prop = (BaseProperty) object.safeget(name);
-        String result;
-        if (prop != null) {
-            result = prop.toText();
+        String content = getPropertyText((BaseProperty) object.safeget(name));
+        buffer.append(XMLUtils.escapeElementText(content));
+    }
+
+    /**
+     * Get the text of the base property. Returns the empty string if the base property is null.
+     * @param property the base property
+     * @return the text of the base property. The empty string is returned if the base property is null
+     */
+    protected String getPropertyText(BaseProperty property)
+    {
+        String ret;
+        if (property != null) {
+            ret = property.toText();
         } else {
-            result = "";
+            ret = "";
         }
-        buffer.append(XMLUtils.minimalEscape(result));
+        return ret;
     }
 }

xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/objects/classes/TextAreaClass.java

@@ -381,18 +381,13 @@ public void displayView(StringBuffer buffer, String name, String prefix, BaseCol
                 buffer.append(result);
             }
         } else {
-            BaseProperty prop = (BaseProperty) object.safeget(name);
-            String result;
-            if (prop != null) {
-                result = prop.toText();
-            } else {
-                result = "";
-            }
+            String content = getPropertyText((BaseProperty) object.safeget(name));
+
             if (doc != null) {
                 String syntax = getObjectDocumentSyntax(object, context).toIdString();
-                buffer.append(context.getDoc().getRenderedContent(result, syntax, context));
+                buffer.append(context.getDoc().getRenderedContent(content, syntax, context));
             } else {
-                buffer.append(result);
+                buffer.append(content);
             }
         }
     }

xwiki-platform-core/xwiki-platform-web/src/main/webapp/resources/js/xwiki/xwiki.js

@@ -253,7 +253,7 @@ Object.extend(XWiki, {
                       });
 
                       // Replace the element's content with the temporary container's content, while also evaluating any inline scripts.
-                      // Note: This also allows script tag defined in the update html to be loaded.
+                      // Note: This also allows script tags defined in the updated html to be loaded.
                       $(extraID + "pane").update(container.descendants()[0]);
 
                       // Notify the others that the DOM has been updated.