Closed
Description
In https://github.com/linkedin/dustjs/wiki/Dust-Tutorial mentions
...
All output values are escaped to avoid Cross Site Scripting (XSS) unless you use filters:
...
Try it with strings.json
"ZRP_MSG": "We did not find results for <span class='Fw-b query'>{query}</span>. Try the suggestions below or type a new query above."
and dust template
var str = "><b><font%20face=%27tahoma%27><img%20height="%20300"%20width="%20400"%20src="%20http://talkingbiznews.com/wp-content/uploads/2013/08/hacked.jpg"%20><h1>content%20injection</h1></b>";
{@intlMessage _key="ZRP_MSG" query=str /}