cqframework / sample-content-ig

Sample Content IG
Apache License 2.0

Request: Escape additional string fields that contain freeform user input #11

Closed nmorasb closed 9 months ago

nmorasb commented 1 year ago

Fields that contain user-supplied input may contain characters not supported by the parser. Where possible, use the FHIRPath escape function to avoid exceptions during parsing.

Noted areas: Measure Purpose: https://github.com/cqframework/sample-content-ig/blob/bca8df99f5361c4829d1065bca67c5e7ab9fed0a/templates/liquid/Measure.liquid#L250

Measure Usage: https://github.com/cqframework/sample-content-ig/blob/bca8df99f5361c4829d1065bca67c5e7ab9fed0a/templates/liquid/Measure.liquid#L256

Measure Copyright: https://github.com/cqframework/sample-content-ig/blob/bca8df99f5361c4829d1065bca67c5e7ab9fed0a/templates/liquid/Measure.liquid#L262

Measure Disclaimer: https://github.com/cqframework/sample-content-ig/blob/bca8df99f5361c4829d1065bca67c5e7ab9fed0a/templates/liquid/Measure.liquid#L268

brynrhodes commented 1 year ago

At some point the publisher changed behavior to automatically do this escaping, so that if we put the .escape call in the expression, what we actually get is rendered escapes in the output. We used to have .escape in most fields that could contain user input, but we have since removed them because of the change in the publisher behavior.

Can you confirm where you are seeing this issue?
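The double-escaping effect described in the comment above, shown as an added example that is not part of the issue thread or of the sample-content-ig project. It models the two stages (the liquid template and the publisher's automatic escaping) with Python's `html.escape`; the assumption that both the FHIRPath `escape` function and the publisher behave like plain HTML escaping is this example's, not something the thread confirms. The sample disclaimer text is constructed.

```python
import html

# Constructed sample value: freeform text an author might type into a Measure
# disclaimer or copyright field. It deliberately contains markup characters.
SAMPLE_DISCLAIMER = 'Use only with <b>caution</b> & review "local" policy.'


def template_render(value: str, escape_in_template: bool) -> str:
    """Model of the liquid template stage.

    escape_in_template=True stands in for an expression that calls the FHIRPath
    escape function (assumed here to behave like HTML escaping).
    escape_in_template=False emits the raw value and leaves escaping to the publisher.
    """
    return html.escape(value, quote=True) if escape_in_template else value


def publisher_escape(fragment: str) -> str:
    """Model of the publisher's automatic escaping of template output (assumption)."""
    return html.escape(fragment, quote=True)


def render_pipeline(value: str, escape_in_template: bool) -> str:
    """Run a field value through both stages and return the HTML that is written out."""
    return publisher_escape(template_render(value, escape_in_template))


def displayed_text(rendered_html: str) -> str:
    """What a browser shows after decoding entities exactly once."""
    return html.unescape(rendered_html)


def has_visible_escapes(rendered_html: str) -> bool:
    """True when the reader would see literal escape sequences such as '&lt;' on the page,
    which is the symptom of escaping at both the template and the publisher stage."""
    shown = displayed_text(rendered_html)
    return any(entity in shown for entity in ("&lt;", "&gt;", "&amp;", "&quot;"))


if __name__ == "__main__":
    once = render_pipeline(SAMPLE_DISCLAIMER, escape_in_template=False)
    twice = render_pipeline(SAMPLE_DISCLAIMER, escape_in_template=True)
    print("publisher only :", displayed_text(once))   # reads as the author typed it
    print("template+publisher:", displayed_text(twice))  # escape sequences leak into the text
    print("double-escaped?   :", has_visible_escapes(twice))
```

With escaping done only by the publisher, the output contains no raw `<` or `&` (so the markup in the field is never interpreted) and the reader sees the text exactly as typed; adding `.escape` in the template on top of that turns `<b>` into the visible string `&lt;b&gt;`, which is why the template-level calls were removed once the publisher started escaping.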

brynrhodes commented 9 months ago

Closing this issue as not needed, given that the publisher does this processing (and other consumers of liquid template output would be expected to do the same as appropriate for display in their particular environment). Feel free to reopen or submit another issue if needed.