Type: Change Request
Affects Version/s: None
Fix Version/s: 6.1.0
CO-3565, the HTML returned by the datasource is escaped to prevent XSS injection.
While it's good to increase security of the product, some users get HTML from their datasource (i.e.: a knowledge base) and want it to be interpreted in display mode.
In the "Advanced option" dialog of the field configuration, add an option:
Evaluate HTML: "Dangerously evaluate HTML returned by the datasource"
This option is unchecked by default on new and existing configurations.
When checked, HTML returned by the datasource will be evaluated on display (behavior of Connect < 6.0.2)