Where a page title already contains templated content - e.g. inserting user input from previous steps - then the values are already escaped, and so should not be escaped again, as this results in raw html entities being output to the page - e.g. ' instead of a single-quote/apostrophe.
Remove the escaping here since the title is rendered from a templated value, which is already therefore escaped.
Where a page title already contains templated content - e.g. inserting user input from previous steps - then the values are already escaped, and so should not be escaped again, as this results in raw html entities being output to the page - e.g.
'instead of a single-quote/apostrophe.Remove the escaping here since the title is rendered from a templated value, which is already therefore escaped.
Before:
After:
A slightly better "after" without the XSS check: