Wrong escape handling in metadata

[Pixelfahnder]

When I add html tags to the metadata field in pages (e.g. via the admin panel) the HTML will be escaped and therefore all possibly dangerous characters are replaced by the PHP function htmlspecialchars when using these via TWIG.

These can only be turned off when setting system.strict_mode.twig_compat to true and system.twig.autoescape to false.

Thesese parameters will be used in

• system/src/Grav/Common/Twig/Twig.php
• system/src/Grav/Common/Page/Page.php The line in question determines if an escape has to be performed as followed: $escape = !$config->get('system.strict_mode.twig_compat', false) || $config->get('system.twig.autoescape', true);
• system/src/Grav/Framework/Flex/Pages/Traits/PageLegacyTrait.php

The Page.php is the relevant file for me when embedding the variable in a Twig template via {{ page.metadata.test.content|raw }}.

The description in the admin panel states, that both fields are defined as followed:

• system.strict_mode.twig_compat: Enables deprecated Twig autoescape setting. When disabled, |raw filter is required to output HTML as Twig will autoescape output
• system.twig.autoescape: Autoescapes all variables. This will break your site most likely

Therefore I guess the handling in the code files is different from the description. Or am I missing something?

[Pixelfahnder]

Just another remark. If I add the html code to a field in a page markdown and access it from there it will not be escaped. But then I can't add it via the admin interface, only in expoert mode which is not feasable for less experienced collegues.