Remove usage of kcSanitize() to avoid printing HTML (#44755)

Closes #44753 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-08 14:32:05 -03:30 · 2026-01-05 10:45:32 +01:00 · 2026-01-05 10:45:32 +01:00 · a6bf194487
commit a6bf194487
parent cafa1a86eb
50 changed files with 181 additions and 169 deletions
--- a/docs/documentation/upgrading/topics/changes/changes-26_5_0.adoc
+++ b/docs/documentation/upgrading/topics/changes/changes-26_5_0.adoc
@ -106,11 +106,13 @@ The `log-console-color` previously defaulted to `false`, but it will now instead

 You may still explicitly disable color support by setting the option to `false`.

-=== Some message keys no longer support HTML entities
+=== Message keys no longer support HTML or HTML entities in the login theme

-The following message keys in translations no longer support HTML entities: `backToLogin`, `backToApplication`, `proceedWithAction`.
+Message keys in translations and error messages generated in the backend no longer support HTML or HTML entities for the login theme.
+The only exception is the message key `termsText` which is used to display the terms and conditions for the respective required action that still allows for a limited set of HTML as before.
+For the Legacy Login Theme, HTML and HTML entities are still partially supported for backward compatibility.

-The default themes have already been updated. If you used them in your translations, please update your translation to use the UTF-8 equivalent.
+The default login themes have already been updated. If you used them in your translations, please update your translation to use the UTF-8 equivalent if you used HTML entities, and replace HTML with plain text.

 === Permissions of the database user for PostgreSQL

--- a/services/src/main/java/org/keycloak/theme/beans/MessageBean.java
+++ b/services/src/main/java/org/keycloak/theme/beans/MessageBean.java
@ -42,7 +42,7 @@ public class MessageBean {
        if (summary == null)
            summary = newLine;
        else
-            summary = summary + "<br>" + newLine;
+            summary = summary + " " + newLine;
    }

    public String getType() {
@ -61,4 +61,4 @@ public class MessageBean {
        return MessageType.ERROR.equals(this.type);
    }

-}
+}
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@ -120,16 +120,16 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
        String error = "<p><a href=\"javascript&amp;colon;alert(document.domain);\">Back to application</a></p>";
        installedAppPage.open("test", null, error, null);

-        // Assert text escaped and not "a" link present
+        // Assert text escaped
        installedAppPage.assertLinkBackToApplicationNotPresent();
-        Assert.assertEquals("Error code: <p>Back to application</p>", installedAppPage.getPageTitleText());
+        Assert.assertEquals("Error code: <p><a href=\"javascript&amp;colon;alert(document.domain);\">Back to application</a></p>", installedAppPage.getPageTitleText());

        error = "<p><a href=\"http://foo.com\">Back to application</a></p>";
        installedAppPage.open("test", null, error, null);

-        // In this case, link is not sanitized as it is valid link, however it is escaped and not shown as a link
+        // Assert text is escaped
        installedAppPage.assertLinkBackToApplicationNotPresent();
-        Assert.assertEquals("Error code: <p><a href=\"http://foo.com\" rel=\"nofollow\">Back to application</a></p>", installedAppPage.getPageTitleText());
+        Assert.assertEquals("Error code: <p><a href=\"http://foo.com\">Back to application</a></p>", installedAppPage.getPageTitleText());
    }

    @Test
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/account/WebAuthnSigningInTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/account/WebAuthnSigningInTest.java
@ -122,7 +122,7 @@ public class WebAuthnSigningInTest extends AbstractWebAuthnAccountTest {
        waitForPageToLoad();

        webAuthnErrorPage.assertCurrent();
-        assertThat(webAuthnErrorPage.getError(), is("Failed to register your Passkey.\nDevice already exists with the same name"));
+        assertThat(webAuthnErrorPage.getError(), is("Failed to register your Passkey. Device already exists with the same name"));
        webAuthnErrorPage.clickTryAgain();

        webAuthnRegisterPage.assertCurrent();
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
@ -226,7 +226,7 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
        Assert.assertNotNull(cfgId);

        // Verify there is an error message because of invalid CRL signature
-        assertLoginFailedWithExpectedX509Error("Certificate validation's failed.\nCertificate revoked or incorrect.");
+        assertLoginFailedWithExpectedX509Error("Certificate validation's failed. Certificate revoked or incorrect.");
    }


@ -306,7 +306,7 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {


    private void assertLoginFailedDueRevokedCertificate() {
-        assertLoginFailedWithExpectedX509Error("Certificate validation's failed.\nCertificate revoked or incorrect.");
+        assertLoginFailedWithExpectedX509Error("Certificate validation's failed. Certificate revoked or incorrect.");
    }

    private void assertLoginFailedWithExpectedX509Error(String expectedError) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
@ -103,7 +103,7 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {

        oauth.openLoginForm();

-        assertThat(loginPage.getError(), containsString("Certificate validation's failed.\n" +
+        assertThat(loginPage.getError(), containsString("Certificate validation's failed. " +
                "Certificate revoked or incorrect."));
    }

@ -456,7 +456,7 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {

            Assert.assertNotNull(loginPage.getError());

-            assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed.\nUser is disabled"));
+            assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed. User is disabled"));

            events.expectLogin()
                    .user(userId)
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ar.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ar.properties
@ -463,11 +463,11 @@ webauthn-createdAt-label=تم إنشاؤه في

 # WebAuthn Error
 webauthn-error-title=خطأ في مفتاح الأمان
-webauthn-error-registration=فشل في تسجيل مفتاح الأمان الخاص بك.<br /> {0}
-webauthn-error-api-get=فشلت المصادقة بواسطة مفتاح الأمان.<br /> {0}
+webauthn-error-registration=فشل في تسجيل مفتاح الأمان الخاص بك. {0}
+webauthn-error-api-get=فشلت المصادقة بواسطة مفتاح الأمان. {0}
 webauthn-error-different-user=أول مستخدم تمت مصادقته ليس هو الشخص الذي تمت مصادقته بواسطة مفتاح الأمان.
-webauthn-error-auth-verification=نتيجة مصادقة مفتاح الأمان غير صالحة.<br /> {0}
-webauthn-error-register-verification=نتيجة تسجيل مفتاح الأمان غير صالحة.<br /> {0}
+webauthn-error-auth-verification=نتيجة مصادقة مفتاح الأمان غير صالحة. {0}
+webauthn-error-register-verification=نتيجة تسجيل مفتاح الأمان غير صالحة. {0}
 webauthn-error-user-not-found=مستخدم غير معروف تمت مصادقته بواسطة مفتاح الأمان.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_az.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_az.properties
@ -488,11 +488,11 @@ webauthn-registration-init-label-prompt=Zəhmət olmasa, qeydiyyatdan keçmiş

 # WebAuthn Error
 webauthn-error-title=Şifrə Xətası
-webauthn-error-registration=Passkey-inizi qeydiyyatdan keçirmək mümkün olmadı.<br /> {0}
-webauthn-error-api-get=Passkey ilə təsdiqləmə uğursuz oldu.<br /> {0}
+webauthn-error-registration=Passkey-inizi qeydiyyatdan keçirmək mümkün olmadı. {0}
+webauthn-error-api-get=Passkey ilə təsdiqləmə uğursuz oldu. {0}
 webauthn-error-different-user=İlk doğrulanmış istifadəçi Passkey ilə doğrulanmış istifadəçi deyil.
-webauthn-error-auth-verification=Əsas açar autentifikasiya nəticəsi keçərsizdir.<br /> {0}
-webauthn-error-register-verification=Əsas giriş qeydiyyat nəticəsi etibarsızdır.<br /> {0}
+webauthn-error-auth-verification=Əsas açar autentifikasiya nəticəsi keçərsizdir. {0}
+webauthn-error-register-verification=Əsas giriş qeydiyyat nəticəsi etibarsızdır. {0}
 webauthn-error-user-not-found=İstifadəçi tanınmayıb, Passkey ilə doğrulanıb.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ca.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ca.properties
@ -420,11 +420,11 @@ webauthn-createdAt-label=Creada

 # WebAuthn Error
 webauthn-error-title=Error de la clau de seguretat
-webauthn-error-registration=No s''ha pogut registrar la vostra clau de seguretat.<br /> {0}
-webauthn-error-api-get=No s''ha pogut identificar amb la clau de seguretat.<br /> {0}
+webauthn-error-registration=No s''ha pogut registrar la vostra clau de seguretat. {0}
+webauthn-error-api-get=No s''ha pogut identificar amb la clau de seguretat. {0}
 webauthn-error-different-user=L''usuari identificat primer no és l''autenticat per la clau de seguretat.
-webauthn-error-auth-verification=El resultat de l''autenticació amb clau de seguretat no és vàlid.<br />{0}
-webauthn-error-register-verification=El resultat del registre amb clau de seguretat no és vàlid.<br />{0}
+webauthn-error-auth-verification=El resultat de l''autenticació amb clau de seguretat no és vàlid.{0}
+webauthn-error-register-verification=El resultat del registre amb clau de seguretat no és vàlid.{0}
 webauthn-error-user-not-found=L''usuari identificat per la clau de seguretat és desconegut.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties
@ -444,11 +444,11 @@ webauthn-registration-init-label-prompt=Zadejte prosím popisek svého registrov

 # WebAuthn Error
 webauthn-error-title=Chyba přístupového klíče
-webauthn-error-registration=Selhala registrace vašeho přístupového klíče.<br /> {0}
-webauthn-error-api-get=Selhalo přihlášení pomocí přístupového klíče.<br /> {0}
+webauthn-error-registration=Selhala registrace vašeho přístupového klíče. {0}
+webauthn-error-api-get=Selhalo přihlášení pomocí přístupového klíče. {0}
 webauthn-error-different-user=První přihlášený uživatel není totožný s uživatelem přihlášeným pomocí přístupového klíče.
-webauthn-error-auth-verification=Nevalidní výsledek přihlášení pomocí přístupového klíče.<br /> {0}
-webauthn-error-register-verification=Nevalidní výsledek registrace přístupového klíče.<br /> {0}
+webauthn-error-auth-verification=Nevalidní výsledek přihlášení pomocí přístupového klíče. {0}
+webauthn-error-register-verification=Nevalidní výsledek registrace přístupového klíče. {0}
 webauthn-error-user-not-found=Neznámý uživatel přihlášen pomocí přístupového klíče.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_de.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_de.properties
@ -420,11 +420,11 @@ webauthn-createdAt-label=Erstellt

 # WebAuthn Error
 webauthn-error-title=Passkey Fehler
-webauthn-error-registration=Fehler beim Registrieren Ihres Passkeys.<br /> {0}
-webauthn-error-api-get=Fehler beim Authentifizieren mit dem Passkey.<br /> {0}
+webauthn-error-registration=Fehler beim Registrieren Ihres Passkeys. {0}
+webauthn-error-api-get=Fehler beim Authentifizieren mit dem Passkey. {0}
 webauthn-error-different-user=Der erste authentifizierte Benutzer ist nicht derjenige, der durch den Passkey authentifiziert wurde.
-webauthn-error-auth-verification=Das Ergebnis der Passkey-Authentifizierung ist ungültig.<br /> {0}
-webauthn-error-register-verification=Das Ergebnis der Passkey-Registrierung ist ungültig.<br /> {0}
+webauthn-error-auth-verification=Das Ergebnis der Passkey-Authentifizierung ist ungültig. {0}
+webauthn-error-register-verification=Das Ergebnis der Passkey-Registrierung ist ungültig. {0}
 webauthn-error-user-not-found=Unbekannter Benutzer, der mit dem Passkey authentifiziert wurde.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_el.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_el.properties
@ -416,11 +416,11 @@ webauthn-createdAt-label=Δημιουργήθηκε

 # WebAuthn Error
 webauthn-error-title=Σφάλμα Κλειδιού Ασφαλείας
-webauthn-error-registration=Αποτυχία εγγραφής του κλειδιού ασφαλείας σας.<br /> {0}
-webauthn-error-api-get=Αποτυχία ταυτοποίησης μέσω του Κλειδιού ασφαλείας.<br /> {0}
+webauthn-error-registration=Αποτυχία εγγραφής του κλειδιού ασφαλείας σας. {0}
+webauthn-error-api-get=Αποτυχία ταυτοποίησης μέσω του Κλειδιού ασφαλείας. {0}
 webauthn-error-different-user=Ο αρχικός ταυτοποιημένος χρήστης δεν είναι ο ίδιος με αυτόν που ταυτοποιήθηκε με το Κλειδί ασφαλείας.
-webauthn-error-auth-verification=Μη έγκυρο αποτέλεσμα ταυτοποίησης του Κλειδιού ασφαλείας.<br /> {0}
-webauthn-error-register-verification=Μη έγκυρο αποτέλεσμα εγγραφής του Κλειδιού ασφαλείας.<br /> {0}
+webauthn-error-auth-verification=Μη έγκυρο αποτέλεσμα ταυτοποίησης του Κλειδιού ασφαλείας. {0}
+webauthn-error-register-verification=Μη έγκυρο αποτέλεσμα εγγραφής του Κλειδιού ασφαλείας. {0}
 webauthn-error-user-not-found=Άγνωστος χρήστης ταυτοποιήθηκε με το Κλειδί ασφαλείας.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_es.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_es.properties
@ -439,11 +439,11 @@ webauthn-createdAt-label=Creada

 # WebAuthn Error
 webauthn-error-title=Error de Passkey
-webauthn-error-registration=No se pudo registrar su Passkey. <br /> {0}
-webauthn-error-api-get=No se pudo autenticar con el Passkey. <br /> {0}
+webauthn-error-registration=No se pudo registrar su Passkey.  {0}
+webauthn-error-api-get=No se pudo autenticar con el Passkey.  {0}
 webauthn-error-different-user=El primer usuario autenticado no es el autenticado por el Passkey.
-webauthn-error-auth-verification=El resultado de la autenticación con el Passkey no es válido. <br /> {0}
-webauthn-error-register-verification=El resultado de registro del Passkey no es válido. <br /> {0}
+webauthn-error-auth-verification=El resultado de la autenticación con el Passkey no es válido.  {0}
+webauthn-error-register-verification=El resultado de registro del Passkey no es válido.  {0}
 webauthn-error-user-not-found=Usuario desconocido autenticado por el Passkey.


--- a/themes/src/main/resources-community/theme/base/login/messages/messages_eu.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_eu.properties
@ -501,11 +501,11 @@ webauthn-registration-init-label-prompt=Mesedez sartu zure erregistratutako pass

 # WebAuthn Error
 webauthn-error-title=Passkey errorea
-webauthn-error-registration=Zure Passkey erregistratzeak huts egin du.<br /> {0}
-webauthn-error-api-get=Passkey-rekin autentifikatzeak huts egin du.<br /> {0}
+webauthn-error-registration=Zure Passkey erregistratzeak huts egin du. {0}
+webauthn-error-api-get=Passkey-rekin autentifikatzeak huts egin du. {0}
 webauthn-error-different-user=Lehenengo autentifikatutako erabiltzailea ez da Passkey-k autentifikatutakoa.
-webauthn-error-auth-verification=Passkey autentifikazio emaitza baliogabea da.<br /> {0}
-webauthn-error-register-verification=Passkey erregistro emaitza baliogabea da.<br /> {0}
+webauthn-error-auth-verification=Passkey autentifikazio emaitza baliogabea da. {0}
+webauthn-error-register-verification=Passkey erregistro emaitza baliogabea da. {0}
 webauthn-error-user-not-found=Passkey-k autentifikatutako erabiltzaile ezezaguna.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_fa.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_fa.properties
@ -454,11 +454,11 @@ webauthn-createdAt-label=ایجاد شده در

 # WebAuthn Error
 webauthn-error-title=خطای کلید امنیتی
-webauthn-error-registration=کلید امنیتی شما ثبت نشد.<br /> {0}
-webauthn-error-api-get=با کلید امنیتی احراز هویت انجام نشد.<br /> {0}
+webauthn-error-registration=کلید امنیتی شما ثبت نشد. {0}
+webauthn-error-api-get=با کلید امنیتی احراز هویت انجام نشد. {0}
 webauthn-error-different-user=اولین کاربر احراز هویت شده کسی نیست که توسط کلید امنیتی احراز هویت شده است.
-webauthn-error-auth-verification=نتیجه احراز هویت کلید امنیتی نامعتبر است.<br /> {0}
-webauthn-error-register-verification=نتیجه ثبت کلید امنیتی نامعتبر است.<br /> {0}
+webauthn-error-auth-verification=نتیجه احراز هویت کلید امنیتی نامعتبر است. {0}
+webauthn-error-register-verification=نتیجه ثبت کلید امنیتی نامعتبر است. {0}
 webauthn-error-user-not-found=کاربر ناشناس با کلید امنیتی احراز هویت شده است.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_fi.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_fi.properties
@ -397,11 +397,11 @@ webauthn-doAuthenticate=Kirjaudu sisään Turva-avaimella

 # WebAuthn Error
 webauthn-error-title=Turva-avain virhe
-webauthn-error-registration=Turva-avaimen rekisteröinti epäonnistui.<br /> {0}
-webauthn-error-api-get=Tunnistautuminen Turva-avaimella epäonnistui.<br /> {0}
+webauthn-error-registration=Turva-avaimen rekisteröinti epäonnistui. {0}
+webauthn-error-api-get=Tunnistautuminen Turva-avaimella epäonnistui. {0}
 webauthn-error-different-user=Ensiksi tunnistautunut käyttäjä ei ole sama kuin Turva-avaimella tunnistaunut.
-webauthn-error-auth-verification=Turva-avain -tunnistautumisen tulos on virheellinen.<br /> {0}
-webauthn-error-register-verification=Turva-avaimen rekisteröinnin tulos on virheellinen.<br /> {0}
+webauthn-error-auth-verification=Turva-avain -tunnistautumisen tulos on virheellinen. {0}
+webauthn-error-register-verification=Turva-avaimen rekisteröinnin tulos on virheellinen. {0}
 webauthn-error-user-not-found=Tuntematon käyttäjä tunnistautui Turva-avaimella.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_fr.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_fr.properties
@ -374,11 +374,11 @@ webauthn-createdAt-label=Créé le

 # WebAuthn Error
 webauthn-error-title=Erreur lors de l''utilisation de la clé d''accès
-webauthn-error-registration=L''enregistrement de la clé d''accès a échoué.<br /> {0}
-webauthn-error-api-get=L''authentification via la clé d''accès a échoué.<br /> {0}
+webauthn-error-registration=L''enregistrement de la clé d''accès a échoué. {0}
+webauthn-error-api-get=L''authentification via la clé d''accès a échoué. {0}
 webauthn-error-different-user=Le premier utilisateur authentifié ne correspond pas à celui authentifié par la clé d''accès.
-webauthn-error-auth-verification=Le résultat de l''authentification par la clé d''accès est invalide.<br /> {0}
-webauthn-error-register-verification=Le résultat de l''enregistrement de la clé d''accès est invalide.<br /> {0}
+webauthn-error-auth-verification=Le résultat de l''authentification par la clé d''accès est invalide. {0}
+webauthn-error-register-verification=Le résultat de l''enregistrement de la clé d''accès est invalide. {0}
 webauthn-error-user-not-found=La clé d''accès a authentifié un utilisateur inconnu.
 finalDeletionConfirmation=Si vous supprimez votre compte, il ne pourra pas être restauré. Pour conserver votre compte, cliquez sur Annuler.
 irreversibleAction=Cette action est irréversible
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_hr.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_hr.properties
@ -476,11 +476,11 @@ webauthn-registration-init-label-prompt=Molimo unesite oznaku vašeg pristupnog

 # WebAuthn Error
 webauthn-error-title=Greška sigurnosnog ključa
-webauthn-error-registration=Neuspješna registracija sigurnosnog ključa.<br /> {0}
-webauthn-error-api-get=Neuspješna autentifikacija putem sigurnosnog ključa.<br /> {0}
+webauthn-error-registration=Neuspješna registracija sigurnosnog ključa. {0}
+webauthn-error-api-get=Neuspješna autentifikacija putem sigurnosnog ključa. {0}
 webauthn-error-different-user=Prvi autentificirani korisnik nije isti kao korisnik autentificiran putem sigurnosnog ključa.
-webauthn-error-auth-verification=Rezultat autentifikacije putem sigurnosnog ključa nije valjan.<br /> {0}
-webauthn-error-register-verification=Rezultat registracije sigurnosnog ključa nije valjan.<br /> {0}
+webauthn-error-auth-verification=Rezultat autentifikacije putem sigurnosnog ključa nije valjan. {0}
+webauthn-error-register-verification=Rezultat registracije sigurnosnog ključa nije valjan. {0}
 webauthn-error-user-not-found=Nepoznati korisnik autentificiran putem sigurnosnog ključa.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_it.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_it.properties
@ -312,11 +312,11 @@ webauthn-available-authenticators=Passkey disponibili

 # WebAuthn Error
 webauthn-error-title=Errore Passkey
-webauthn-error-registration=Impossibile registrare la tua Passkey.<br /> {0}
-webauthn-error-api-get=L''autenticazione con la Passkey è fallita.<br /> {0}
+webauthn-error-registration=Impossibile registrare la tua Passkey. {0}
+webauthn-error-api-get=L''autenticazione con la Passkey è fallita. {0}
 webauthn-error-different-user=Il primo utente autenticato non è quello autenticato tramite la Passkey.
-webauthn-error-auth-verification=Il risultato dell''autenticazione con la Passkey non è valido.<br /> {0}
-webauthn-error-register-verification=Il risultato della registrazione della Passkey non è valido.<br /> {0}
+webauthn-error-auth-verification=Il risultato dell''autenticazione con la Passkey non è valido. {0}
+webauthn-error-register-verification=Il risultato della registrazione della Passkey non è valido. {0}
 webauthn-error-user-not-found=L''utente autenticato la Passkey è sconosciuto.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ja.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ja.properties
@ -313,11 +313,11 @@ webauthn-available-authenticators=利用可能なパスキー

 # WebAuthn Error
 webauthn-error-title=パスキーエラー
-webauthn-error-registration=パスキーの登録に失敗しました。<br /> {0}
-webauthn-error-api-get=パスキーによる認証に失敗しました。<br /> {0}
+webauthn-error-registration=パスキーの登録に失敗しました。 {0}
+webauthn-error-api-get=パスキーによる認証に失敗しました。 {0}
 webauthn-error-different-user=最初に認証されたユーザーは、パスキーによって認証されたユーザーではありません。
-webauthn-error-auth-verification=パスキーの認証結果が無効です。<br /> {0}
-webauthn-error-register-verification=パスキーの登録結果が無効です。<br /> {0}
+webauthn-error-auth-verification=パスキーの認証結果が無効です。 {0}
+webauthn-error-register-verification=パスキーの登録結果が無効です。 {0}
 webauthn-error-user-not-found=パスキーで認証された不明なユーザー。
 identity-provider-redirector=別のアイデンティティープロバイダーと接続する
 frontchannel-logout.title=ログアウト
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ka.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ka.properties
@ -169,9 +169,9 @@ webauthn-registration-init-label=Passkey (ნაგულისხმევი
 webauthn-error-title=Passkey-ის შეცდომა
 webauthn-createdAt-label=შეიქმნა
 webauthn-registration-init-label-prompt=შეიყვანეთ თქვენი დარეგისტრირებული Passkey-ის ჭდე
-webauthn-error-registration=თქვენი Passkey-ის რეგისტრაცია ჩავარდა.<br />{0}
+webauthn-error-registration=თქვენი Passkey-ის რეგისტრაცია ჩავარდა.{0}
 passkey-unsupported-browser-text=Passkey-ის მხარდაჭერა ამ ბრაუზერს არ აქვს. სცადეთ სხვა ან დაუკავშირდით თქვენს ადმინისტრატორს.
-webauthn-error-api-get=Passkey-ით ავთენტიკაცია ჩავარდა.<br />{0}
+webauthn-error-api-get=Passkey-ით ავთენტიკაცია ჩავარდა.{0}
 passkey-doAuthenticate=Passkey-ით შესვლა
 webauthn-error-different-user=პირველი მომხმარებელი, ვინც ავთენტიკაცია გაიარა, Passkey-ით ავთენტიკაციის მომხმარებელს არ ემთხვევა.
 passkey-createdAt-label=შეიქმნა
@ -448,8 +448,8 @@ recovery-codes-download-file-date=ეს კოდები დააგენ
 webauthn-login-title=Passkey-ით შესვლა
 webauthn-registration-title=Passkey-ისის რეგისტრაცია
 webauthn-available-authenticators=ხელმისაწვდომი Passkeys
-webauthn-error-auth-verification=Passkey-ით ავთენტიკაციის შედეგი არასწორია.<br />{0}
-webauthn-error-register-verification=Passkey-ის რეგისტრაციის შედეგი არასწორია.<br />{0}
+webauthn-error-auth-verification=Passkey-ით ავთენტიკაციის შედეგი არასწორია.{0}
+webauthn-error-register-verification=Passkey-ის რეგისტრაციის შედეგი არასწორია.{0}
 webauthn-error-user-not-found=Passkey-ით ავთენტიკაციაგავლილი მომხმარებელი უცნობია.
 irreversibleAction=ეს ქმედება შეუქცევადია
 accountUnusable=ამ ანგარიშით ამის შემდეგ აპლიკაციას ვერ გამოიყენებთ
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_kk.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_kk.properties
@ -454,11 +454,11 @@ webauthn-registration-init-label-prompt=Тіркелген қатынасу кі
 # WebAuthn қатесі

 webauthn-error-title=Қатынасу кілтінің қатесі
-webauthn-error-registration=Құпия сөзіңізді тіркеу мүмкін болмады.\<br /\> {0}
-webauthn-error-api-get=Құпия сөзбен аутентификациядан өту мүмкін болмады.\<br /\> {0}
+webauthn-error-registration=Құпия сөзіңізді тіркеу мүмкін болмады. {0}
+webauthn-error-api-get=Құпия сөзбен аутентификациядан өту мүмкін болмады. {0}
 webauthn-error-different-user=Бірінші аутентификацияланған пайдаланушы қатынасу кілтімен аутентификацияланған пайдаланушы емес.
-webauthn-error-auth-verification=Қатынасу кілтінің аутентификация нәтижесі жарамсыз.\<br /\> {0}
-webauthn-error-register-verification=Қатынасу кілтін тіркеу нәтижесі жарамсыз.\<br /\> {0}
+webauthn-error-auth-verification=Қатынасу кілтінің аутентификация нәтижесі жарамсыз. {0}
+webauthn-error-register-verification=Қатынасу кілтін тіркеу нәтижесі жарамсыз. {0}
 webauthn-error-user-not-found=Құпия сөзбен аутентификацияланған белгісіз пайдаланушы.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ko.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ko.properties
@ -498,11 +498,11 @@ webauthn-registration-init-label-prompt=등록한 패스키의 라벨을 입력

 # WebAuthn Error
 webauthn-error-title=패스키 오류
-webauthn-error-registration=패스키 등록에 실패했습니다.<br /> {0}
-webauthn-error-api-get=패스키로 인증하는 데 실패했습니다.<br /> {0}
+webauthn-error-registration=패스키 등록에 실패했습니다. {0}
+webauthn-error-api-get=패스키로 인증하는 데 실패했습니다. {0}
 webauthn-error-different-user=첫 번째 인증된 사용자가 패스키로 인증된 사용자가 아닙니다.
-webauthn-error-auth-verification=패스키 인증 결과가 잘못되었습니다.<br /> {0}
-webauthn-error-register-verification=패스키 등록 결과가 잘못되었습니다.<br /> {0}
+webauthn-error-auth-verification=패스키 인증 결과가 잘못되었습니다. {0}
+webauthn-error-register-verification=패스키 등록 결과가 잘못되었습니다. {0}
 webauthn-error-user-not-found=패스키로 인증된 알 수 없는 사용자.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ky.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ky.properties
@ -487,11 +487,11 @@ webauthn-registration-init-label-prompt=Катталган парольсуз а

 # WebAuthn Error
 webauthn-error-title=Парольсуз ачкыч катасы
-webauthn-error-registration=Парольсуз ачкычты каттоо ийгиликсиз аяктады.<br /> {0}
-webauthn-error-api-get=Парольсуз ачкыч менен аутентификациядан өтүү мүмкүн болгон жок.<br /> {0}
+webauthn-error-registration=Парольсуз ачкычты каттоо ийгиликсиз аяктады. {0}
+webauthn-error-api-get=Парольсуз ачкыч менен аутентификациядан өтүү мүмкүн болгон жок. {0}
 webauthn-error-different-user=Биринчи аутентификацияланган колдонуучу парольсуз ачкыч менен аутентификацияланган эмес.
-webauthn-error-auth-verification=Парольсуз ачкыч менен аутентификация жыйынтыгы жараксыз.<br /> {0}
-webauthn-error-register-verification=Парольсуз ачкыч каттоосу жараксыз.<br /> {0}
+webauthn-error-auth-verification=Парольсуз ачкыч менен аутентификация жыйынтыгы жараксыз. {0}
+webauthn-error-register-verification=Парольсуз ачкыч каттоосу жараксыз. {0}
 webauthn-error-user-not-found=Парольсуз ачкыч менен аутентификацияланган белгисиз колдонуучу.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_nl.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_nl.properties
@ -448,10 +448,10 @@ webauthn-createdAt-label=Aangemaakt op
 webauthn-registration-init-label=Passkey (default label)
 webauthn-registration-init-label-prompt=Gelieve het label van uw geregistreerde passkey in te voeren
 webauthn-error-title=Fout bij gebruik van passkey
-webauthn-error-registration=Registratie van uw passkey is gefaald.<br /> {0}
-webauthn-error-api-get=Aanmelden met de passkey is gefaald.<br /> {0}
+webauthn-error-registration=Registratie van uw passkey is gefaald. {0}
+webauthn-error-api-get=Aanmelden met de passkey is gefaald. {0}
 webauthn-error-different-user=De eerst ingelogde gebruiker is niet degene die is geauthenticeerd met de passkey.
-webauthn-error-auth-verification=Ongeldig resultaat van passkey aanmelding.<br /> {0}
+webauthn-error-auth-verification=Ongeldig resultaat van passkey aanmelding. {0}
 emailVerifySendCooldown=U moet {0} seconden wachten voordat u de verificatie-e-mail opnieuw kunt verzenden.
 doLogout=Uitloggen
 passkey-unsupported-browser-text=Passkey wordt niet ondersteund door deze browser. Probeer een andere of neem contact op met uw beheerder.
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_pl.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_pl.properties
@ -487,11 +487,11 @@ webauthn-registration-init-label-prompt=Wprowadź etykietę zarejestrowanego Pas

 # WebAuthn Error
 webauthn-error-title=Błąd Passkey
-webauthn-error-registration=Nie udało się zarejestrować Twojego Passkey.<br /> {0}
-webauthn-error-api-get=Nie udało się uwierzytelnić za pomocą Passkey.<br /> {0}
+webauthn-error-registration=Nie udało się zarejestrować Twojego Passkey. {0}
+webauthn-error-api-get=Nie udało się uwierzytelnić za pomocą Passkey. {0}
 webauthn-error-different-user=Pierwszy uwierzytelniony użytkownik nie jest tym który został uwierzytelniony przez Passkey
-webauthn-error-auth-verification=Wynik autoryzacji za pomocą Passkey jest niepoprawny.<br /> {0}
-webauthn-error-register-verification=Wynik rejestracji za pomocą Passkey jest niepoprawny.<br /> {0}
+webauthn-error-auth-verification=Wynik autoryzacji za pomocą Passkey jest niepoprawny. {0}
+webauthn-error-register-verification=Wynik rejestracji za pomocą Passkey jest niepoprawny. {0}
 webauthn-error-user-not-found=Nieznany użytkownik uwierzytelniony przez Passkey.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_pt.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_pt.properties
@ -490,8 +490,8 @@ webauthn-error-title=Erro de Chave de Segurança
 webauthn-error-registration=Falha ao registar a sua Chave de Segurança.
 webauthn-error-api-get=Falha ao autenticar usando a Chave de Segurança.
 webauthn-error-different-user=O primeiro utilizador autenticado não corresponde àquele autenticado pela Chave de Segurança.
-webauthn-error-auth-verification=O resultado da autenticação da Chave de Segurança é inválido.<br /> {0}
-webauthn-error-register-verification=O resultado do registo da Chave de Segurança é inválido.<br /> {0}
+webauthn-error-auth-verification=O resultado da autenticação da Chave de Segurança é inválido. {0}
+webauthn-error-register-verification=O resultado do registo da Chave de Segurança é inválido. {0}
 webauthn-error-user-not-found=Utilizador desconhecido autenticado pela Chave de Segurança.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_pt_BR.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_pt_BR.properties
@ -328,11 +328,11 @@ webauthn-unsupported-browser-text=WebAuthn não é suportada pelo seu navegador.

 # WebAuthn Error
 webauthn-error-title=Erro de Chave de Segurança
-webauthn-error-registration=Falha ao registrar sua Chave de Segurança.<br /> {0}
-webauthn-error-api-get=Falha ao autenticar usando a Chave de Segurança.<br /> {0}
+webauthn-error-registration=Falha ao registrar sua Chave de Segurança. {0}
+webauthn-error-api-get=Falha ao autenticar usando a Chave de Segurança. {0}
 webauthn-error-different-user=A primeira pessoa autenticada não é a mesma autenticada pela chave de segurança.
-webauthn-error-auth-verification=O resultado da autenticação com chave de segurança é inválido.<br /> {0}
-webauthn-error-register-verification=O resultado do registro de chave de segurança é inválido.<br /> {0}
+webauthn-error-auth-verification=O resultado da autenticação com chave de segurança é inválido. {0}
+webauthn-error-register-verification=O resultado do registro de chave de segurança é inválido. {0}
 webauthn-error-user-not-found=Usuário desconhecido autenticado pela chave de segurança.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ro.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ro.properties
@ -295,11 +295,11 @@ webauthn-passwordless-help-text=Folosește cheia de acces pentru autentificare f
 webauthn-doAuthenticate=Conectează-te cu cheia de acces
 webauthn-registration-init-label=Cheie de acces (etichetă implicită)
 webauthn-registration-init-label-prompt=Te rugăm să completezi eticheta cheii de acces înregistrate
-webauthn-error-registration=Nu s-a putut înregistra cheia de acces.<br /> {0}
-webauthn-error-api-get=Autentificarea cu cheia de acces nu a reușit.<br /> {0}
+webauthn-error-registration=Nu s-a putut înregistra cheia de acces. {0}
+webauthn-error-api-get=Autentificarea cu cheia de acces nu a reușit {0}
 webauthn-error-different-user=Primul utilizator autentificat nu este cel autentificat prin cheia de acces.
-webauthn-error-auth-verification=Rezultatul autentificării cu cheie de acces este invalid.<br /> {0}
-webauthn-error-register-verification=Rezultatul înregistrării cheii de acces este invalid.<br /> {0}
+webauthn-error-auth-verification=Rezultatul autentificării cu cheie de acces este invalid. {0}
+webauthn-error-register-verification=Rezultatul înregistrării cheii de acces este invalid. {0}
 webauthn-error-user-not-found=Utilizator necunoscut autentificat prin cheie de acces.
 passkey-unsupported-browser-text=Cheia de acces nu este acceptată de acest browser. Încercă altă cheie de acces sau contactează administratorul.
 passkey-doAuthenticate=Conectează-te cu cheia de acces
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_ru.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_ru.properties
@ -446,11 +446,11 @@ webauthn-registration-init-label-prompt=Пожалуйста, введите м

 # WebAuthn Error
 webauthn-error-title=Ошибка ключа доступа
-webauthn-error-registration=Не удалось зарегистрировать ключ доступа.<br /> {0}
-webauthn-error-api-get=Не удалось выполнить аутентификацию через ключ доступа.<br /> {0}
+webauthn-error-registration=Не удалось зарегистрировать ключ доступа. {0}
+webauthn-error-api-get=Не удалось выполнить аутентификацию через ключ доступа. {0}
 webauthn-error-different-user=Первый аутентифицированный пользователь не совпадает с пользователем, прошедшим аутентификацию через ключ доступа.
-webauthn-error-auth-verification=Результат аутентификации ключа доступа недействителен.<br /> {0}
-webauthn-error-register-verification=Результат регистрации ключа доступа недействителен.<br /> {0}
+webauthn-error-auth-verification=Результат аутентификации ключа доступа недействителен. {0}
+webauthn-error-register-verification=Результат регистрации ключа доступа недействителен. {0}
 webauthn-error-user-not-found=Неизвестный пользователь, аутентифицированный через ключ доступа.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_sk.properties
@ -484,11 +484,11 @@ webauthn-registration-init-label-prompt=Zadajte prosím štítok Vášho registr

 # WebAuthn Error
 webauthn-error-title=Chybný prihlasovací kľúč
-webauthn-error-registration=Nepodarilo sa zaregistrovať prihlasovací kľúč.<br /> {0}
-webauthn-error-api-get=Nepodarilo sa overiť pomocou prihlasovacieho kľúča.<br /> {0}
+webauthn-error-registration=Nepodarilo sa zaregistrovať prihlasovací kľúč. {0}
+webauthn-error-api-get=Nepodarilo sa overiť pomocou prihlasovacieho kľúča. {0}
 webauthn-error-different-user=Prvý overený používateľ nie je ten, ktorý bol overený prihlasovacím kľúčom.
-webauthn-error-auth-verification=Výsledok overenia prihlasovacieho kľúča je neplatný.<br /> {0}
-webauthn-error-register-verification=Výsledok registrácie prihlasovacieho kľúča je neplatný.<br /> {0}
+webauthn-error-auth-verification=Výsledok overenia prihlasovacieho kľúča je neplatný. {0}
+webauthn-error-register-verification=Výsledok registrácie prihlasovacieho kľúča je neplatný. {0}
 webauthn-error-user-not-found=Neznámy používateľ overený prihlasovacím kľúčom.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_sl.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_sl.properties
@ -438,11 +438,11 @@ webauthn-registration-init-label-prompt=Prosimo, vnesite oznako za vaš registri

 # WebAuthn Error
 webauthn-error-title=Napaka ključa za dostop
-webauthn-error-registration=Registracija vašega ključa za dostop ni uspela.<br /> {0}
-webauthn-error-api-get=Avtentikacija s ključem za dostop ni uspela.<br /> {0}
+webauthn-error-registration=Registracija vašega ključa za dostop ni uspela. {0}
+webauthn-error-api-get=Avtentikacija s ključem za dostop ni uspela. {0}
 webauthn-error-different-user=Prvi avtenticirani uporabnik ni enak uporabniku, avtenticiranemu s ključem za dostop.
-webauthn-error-auth-verification=Rezultat avtentikacije s ključem za dostop ni veljaven.<br /> {0}
-webauthn-error-register-verification=Rezultat registracije ključa za dostop ni veljaven.<br /> {0}
+webauthn-error-auth-verification=Rezultat avtentikacije s ključem za dostop ni veljaven. {0}
+webauthn-error-register-verification=Rezultat registracije ključa za dostop ni veljaven. {0}
 webauthn-error-user-not-found=Neznan uporabnik, avtenticiran s ključem za dostop.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_sv.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_sv.properties
@ -500,11 +500,11 @@ webauthn-registration-init-label-prompt=Vänligen fyll i din registrerade passke

 # WebAuthn Error
 webauthn-error-title=Passkey-fel
-webauthn-error-registration=Registrering av Passkey misslyckades.<br /> {0}
-webauthn-error-api-get=Autentisering med Passkey misslyckades.<br /> {0}
+webauthn-error-registration=Registrering av Passkey misslyckades. {0}
+webauthn-error-api-get=Autentisering med Passkey misslyckades. {0}
 webauthn-error-different-user=Den först autentiserade användaren är inte samma som är autentiserad via Passkey.
-webauthn-error-auth-verification=Resultatet från Passkey-autentisering är ogiltigt.<br /> {0}
-webauthn-error-register-verification=Resultatet från Passkey-registrering är ogiltigt.<br /> {0}
+webauthn-error-auth-verification=Resultatet från Passkey-autentisering är ogiltigt. {0}
+webauthn-error-register-verification=Resultatet från Passkey-registrering är ogiltigt. {0}
 webauthn-error-user-not-found=Okänd användare autentiserad via Passkey.

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_th.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_th.properties
@ -459,11 +459,11 @@ webauthn-createdAt-label=สร้างแล้ว

 # WebAuthn Error
 webauthn-error-title=ข้อผิดพลาดของคีย์รักษาความปลอดภัย
-webauthn-error-registration=การลงทะเบียนคีย์รักษาความปลอดภัยของคุณไม่สำเร็จ<br /> {0}
-webauthn-error-api-get=การพิสูจน์ตัวจริงโดยใช้คีย์รักษาความปลอดภัยไม่สำเร็จ<br /> {0}
+webauthn-error-registration=การลงทะเบียนคีย์รักษาความปลอดภัยของคุณไม่สำเร็จ {0}
+webauthn-error-api-get=การพิสูจน์ตัวจริงโดยใช้คีย์รักษาความปลอดภัยไม่สำเร็จ {0}
 webauthn-error-different-user=ผู้ใช้งานที่พิสูจน์ตัวจริงรายแรกไม่ใช่รายที่ได้รับการพิสูจน์ตัวจริงจากคีย์รักษาความปลอดภัย
-webauthn-error-auth-verification=ผลการพิสูจน์ตัวจริงของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br /> {0}
-webauthn-error-register-verification=ผลการลงทะเบียนของคีย์รักษาความปลอดภัยไม่ถูกต้อง<br /> {0}
+webauthn-error-auth-verification=ผลการพิสูจน์ตัวจริงของคีย์รักษาความปลอดภัยไม่ถูกต้อง {0}
+webauthn-error-register-verification=ผลการลงทะเบียนของคีย์รักษาความปลอดภัยไม่ถูกต้อง {0}
 webauthn-error-user-not-found=ผู้ใช้งานที่ไม่รู้จักได้รับการพิสูจน์ตัวจริงจากคีย์รักษาความปลอดภัย

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_tr.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_tr.properties
@ -425,11 +425,11 @@ webauthn-unsupported-browser-text=Bu tarayıcı WebAuthn’i desteklemiyor. Baş
 webauthn-doAuthenticate=Geçiş Anahtarı ile giriş yap,
 webauthn-createdAt-label=Oluşturuldu,
 webauthn-error-title=Geçiş Anahtarı hatası,
-webauthn-error-registration=Geçiş Anahatarınızı kaydederken hata oluştu.<br /> {0},
-webauthn-error-api-get=Geçiş Anahtarınızı doğrularken hata oluştu.<br /> {0},
+webauthn-error-registration=Geçiş Anahatarınızı kaydederken hata oluştu. {0},
+webauthn-error-api-get=Geçiş Anahtarınızı doğrularken hata oluştu. {0},
 webauthn-error-different-user=İlk doğrulanan kullanıcı, Geçiş Anahtarı ile doğrulanan kullanıcı değil.
-webauthn-error-auth-verification=Geçiş Anahtarı doğrulaması geçersiz.<br /> {0},
-webauthn-error-register-verification=Geçiş Anahtarı doğrulaması geçersiz.<br /> {0},
+webauthn-error-auth-verification=Geçiş Anahtarı doğrulaması geçersiz. {0},
+webauthn-error-register-verification=Geçiş Anahtarı doğrulaması geçersiz. {0},
 webauthn-error-user-not-found=Bilinmeyen kullanıcı Geçiş Anahtarı ile doğrulandı.
 identity-provider-redirector=Başka bir Kimlik Sağlayıcı ile iletişime geçiniz.,
 identity-provider-login-label=Veya giriş yap,
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_uk.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_uk.properties
@ -456,11 +456,11 @@ webauthn-createdAt-label=Створено

 # WebAuthn Error
 webauthn-error-title=Помилка ключа безпеки
-webauthn-error-registration=Не вдалося зареєструвати ваш ключ безпеки.<br /> {0}
-webauthn-error-api-get=Помилка автентифікації за допомогою ключа безпеки.<br /> {0}
+webauthn-error-registration=Не вдалося зареєструвати ваш ключ безпеки. {0}
+webauthn-error-api-get=Помилка автентифікації за допомогою ключа безпеки. {0}
 webauthn-error-different-user=Перший автентифікований користувач не є тим, хто автентифікований ключем безпеки.
-webauthn-error-auth-verification=Результат автентифікації ключа безпеки невірний.<br /> {0}
-webauthn-error-register-verification=Результат реєстрації ключа безпеки невірний.<br /> {0}
+webauthn-error-auth-verification=Результат автентифікації ключа безпеки невірний. {0}
+webauthn-error-register-verification=Результат реєстрації ключа безпеки невірний. {0}
 webauthn-error-user-not-found=Невідомий користувач автентифікований за допомогою ключа безпеки.

 # Identity provider
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_zh_Hans.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_zh_Hans.properties
@ -500,11 +500,11 @@ webauthn-registration-init-label-prompt=请为注册的通行金钥输入标签

 # WebAuthn Error
 webauthn-error-title=安全密钥错误
-webauthn-error-registration=注册您的安全密钥失败。<br /> {0}
-webauthn-error-api-get=通过安全密钥进行身份验证失败。<br /> {0}
+webauthn-error-registration=注册您的安全密钥失败。 {0}
+webauthn-error-api-get=通过安全密钥进行身份验证失败。 {0}
 webauthn-error-different-user=首次经过身份验证的用户不是通过安全密钥经过身份验证的用户。
-webauthn-error-auth-verification=安全密钥身份验证结果无效。<br /> {0}
-webauthn-error-register-verification=安全密钥注册结果无效。<br /> {0}
+webauthn-error-auth-verification=安全密钥身份验证结果无效。 {0}
+webauthn-error-register-verification=安全密钥注册结果无效。 {0}
 webauthn-error-user-not-found=通过安全密钥进行身份验证的用户未知。

 # Passkey
--- a/themes/src/main/resources-community/theme/base/login/messages/messages_zh_Hant.properties
+++ b/themes/src/main/resources-community/theme/base/login/messages/messages_zh_Hant.properties
@ -447,11 +447,11 @@ webauthn-registration-init-label-prompt=請為註冊的通行金鑰輸入標籤

 # WebAuthn Error
 webauthn-error-title=通行金鑰錯誤
-webauthn-error-registration=無法註冊您的通行金鑰。<br /> {0}
-webauthn-error-api-get=無法透過通行金鑰進行驗證。<br /> {0}
+webauthn-error-registration=無法註冊您的通行金鑰。 {0}
+webauthn-error-api-get=無法透過通行金鑰進行驗證。 {0}
 webauthn-error-different-user=第一位已驗證的使用者不是這個通行金鑰驗證的使用者。
-webauthn-error-auth-verification=通行金鑰驗證結果無效。<br /> {0}
-webauthn-error-register-verification=通行金鑰註冊結果無效。<br /> {0}
+webauthn-error-auth-verification=通行金鑰驗證結果無效。 {0}
+webauthn-error-register-verification=通行金鑰註冊結果無效。 {0}
 webauthn-error-user-not-found=未知的使用者透過通行金鑰進行驗證。

 # Passkey
--- a/themes/src/main/resources/theme/base/login/messages/messages_en.properties
+++ b/themes/src/main/resources/theme/base/login/messages/messages_en.properties
@ -501,11 +501,11 @@ webauthn-registration-init-label-prompt=Please input your registered passkey''s

 # WebAuthn Error
 webauthn-error-title=Passkey Error
-webauthn-error-registration=Failed to register your Passkey.<br /> {0}
-webauthn-error-api-get=Failed to authenticate by the Passkey.<br /> {0}
+webauthn-error-registration=Failed to register your Passkey. {0}
+webauthn-error-api-get=Failed to authenticate by the Passkey. {0}
 webauthn-error-different-user=First authenticated user is not the one authenticated by the Passkey.
-webauthn-error-auth-verification=Passkey authentication result is invalid.<br /> {0}
-webauthn-error-register-verification=Passkey registration result is invalid.<br /> {0}
+webauthn-error-auth-verification=Passkey authentication result is invalid. {0}
+webauthn-error-register-verification=Passkey registration result is invalid. {0}
 webauthn-error-user-not-found=Unknown user authenticated by the Passkey.

 # Passkey
--- a/themes/src/main/resources/theme/keycloak.v2/login/code.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/code.ftl
@ -5,7 +5,7 @@
        <#if code.success>
            ${msg("codeSuccessTitle")}
        <#else>
-            ${kcSanitize(msg("codeErrorTitle", code.error))}
+            ${msg("codeErrorTitle", code.error)}
        </#if>
    <#elseif section = "form">
        <div id="kc-code">
@ -89,7 +89,7 @@
                    }
                </script>
            <#else>
-                <p id="error">${kcSanitize(code.error)}</p>
+                <p id="error">${code.error}</p>
            </#if>
        </div>
    </#if>
--- a/themes/src/main/resources/theme/keycloak.v2/login/field.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/field.ftl
@ -41,7 +41,7 @@
  </#if>
 </#macro>

-<#macro input name label value="" required=false autocomplete="off" fieldName=name error=kcSanitize(messagesPerField.get(fieldName))?no_esc autofocus=false>
+<#macro input name label value="" required=false autocomplete="off" fieldName=name error=messagesPerField.get(fieldName) autofocus=false>
  <@group name=name label=label error=error required=required>
    <span class="${properties.kcInputClass} <#if error?has_content>${properties.kcError}</#if>">
        <input id="${name}" name="${name}" value="${value}" type="text" autocomplete="${autocomplete}" <#if autofocus>autofocus</#if>
@ -52,7 +52,7 @@
  </@group>
 </#macro>

-<#macro password name label value="" required=false forgotPassword=false fieldName=name error=kcSanitize(messagesPerField.get(fieldName))?no_esc autocomplete="off" autofocus=false>
+<#macro password name label value="" required=false forgotPassword=false fieldName=name error=messagesPerField.get(fieldName) autocomplete="off" autofocus=false>
  <@group name=name label=label error=error required=required>
    <div class="${properties.kcInputGroup}">
      <div class="${properties.kcInputGroupItemClass} ${properties.kcFill}">
--- a/themes/src/main/resources/theme/keycloak.v2/login/login-config-totp.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/login-config-totp.ftl
@ -65,11 +65,11 @@
                           inputmode="numeric"
                    />

-                    <@field.errorIcon error=kcSanitize(messagesPerField.get('totp'))?no_esc/>
+                    <@field.errorIcon error=messagesPerField.get('totp')/>
                </div>
                <#if messagesPerField.existsError('totp')>
                    <span id="input-error-otp-code" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                        ${kcSanitize(messagesPerField.get('totp'))?no_esc}
+                        ${messagesPerField.get('totp')}
                    </span>
                </#if>
                <input type="hidden" id="totpSecret" name="totpSecret" value="${totp.totpSecret}" />
@ -87,11 +87,11 @@
                           aria-invalid="<#if messagesPerField.existsError('userLabel')>true</#if>"
                    />

-                    <@field.errorIcon error=kcSanitize(messagesPerField.get('userLabel'))?no_esc/>
+                    <@field.errorIcon error=messagesPerField.get('userLabel')/>
                </div>
                <#if messagesPerField.existsError('userLabel')>
                    <span id="input-error-otp-label" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                        ${kcSanitize(messagesPerField.get('userLabel'))?no_esc}
+                        ${messagesPerField.get('userLabel')}
                    </span>
                </#if>
            </div>
--- a/themes/src/main/resources/theme/keycloak.v2/login/login-otp.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/login-otp.ftl
@ -32,14 +32,16 @@
            <@buttons.loginButton />
        </form>
        <script>
+            <#outputformat "JavaScript">
            function toggleOTP(index, value) {
                // select the clicked OTP credential
                document.getElementById("selectedCredentialId").value = value;
                // remove selected class from all OTP credentials
-                Array.from(document.getElementsByClassName("${properties.kcLoginOTPListSelectedClass!}")).map(i => i.classList.remove("${properties.kcLoginOTPListSelectedClass!}"));
+                Array.from(document.getElementsByClassName(${properties.kcLoginOTPListSelectedClass!?c})).map(i => i.classList.remove(${properties.kcLoginOTPListSelectedClass!?c}));
                // add selected class to the clicked OTP credential
-                document.getElementById("kc-otp-credential-" + index).classList.add("${properties.kcLoginOTPListSelectedClass!}");
+                document.getElementById("kc-otp-credential-" + index).classList.add(${properties.kcLoginOTPListSelectedClass!?c});
            }
+            </#outputformat>
        </script>
    </#if>
 </@layout.registrationLayout>
--- a/themes/src/main/resources/theme/keycloak.v2/login/login.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/login.ftl
@ -17,7 +17,7 @@
                        <#assign label>
                            <#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>
                        </#assign>
-                        <@field.input name="username" label=label error=kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc
+                        <@field.input name="username" label=label error=messagesPerField.getFirstError('username','password')
                            autofocus=true autocomplete="${(enableWebAuthnConditionalUI?has_content)?then('username webauthn', 'username')}" value=login.username!'' />
                        <@field.password name="password" label=msg("password") error="" forgotPassword=realm.resetPasswordAllowed autofocus=usernameHidden?? autocomplete="current-password">
                            <#if realm.rememberMe && !usernameHidden??>
--- a/themes/src/main/resources/theme/keycloak.v2/login/password-validation.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/password-validation.ftl
@ -16,15 +16,16 @@

 <#macro script field="">
    <script type="module">
+        <#outputformat "JavaScript">
        import { validatePassword } from "${url.resourcesPath}/js/password-policy.js";

        const activePolicies = [
-            { name: "length", policy: { value: ${passwordPolicies.length!-1}, error: "${msg('invalidPasswordMinLengthMessage')}"} },
-            { name: "maxLength", policy: { value: ${passwordPolicies.maxLength!-1}, error: "${msg('invalidPasswordMaxLengthMessage')}"} },
-            { name: "lowerCase", policy: { value: ${passwordPolicies.lowerCase!-1}, error: "${msg('invalidPasswordMinLowerCaseCharsMessage')}"} },
-            { name: "upperCase", policy: { value: ${passwordPolicies.upperCase!-1}, error: "${msg('invalidPasswordMinUpperCaseCharsMessage')}"} },
-            { name: "digits", policy: { value: ${passwordPolicies.digits!-1}, error: "${msg('invalidPasswordMinDigitsMessage')}"} },
-            { name: "specialChars", policy: { value: ${passwordPolicies.specialChars!-1}, error: "${msg('invalidPasswordMinSpecialCharsMessage')}"} }
+            { name: "length", policy: { value: ${passwordPolicies.length!-1}, error: ${msg('invalidPasswordMinLengthMessage')?c} } },
+            { name: "maxLength", policy: { value: ${passwordPolicies.maxLength!-1}, error: ${msg('invalidPasswordMaxLengthMessage')?c} } },
+            { name: "lowerCase", policy: { value: ${passwordPolicies.lowerCase!-1}, error: ${msg('invalidPasswordMinLowerCaseCharsMessage')?c} } },
+            { name: "upperCase", policy: { value: ${passwordPolicies.upperCase!-1}, error: ${msg('invalidPasswordMinUpperCaseCharsMessage')?c} } },
+            { name: "digits", policy: { value: ${passwordPolicies.digits!-1}, error: ${msg('invalidPasswordMinDigitsMessage')?c} } },
+            { name: "specialChars", policy: { value: ${passwordPolicies.specialChars!-1}, error: ${msg('invalidPasswordMinSpecialCharsMessage')?c} } }
        ].filter(p => p.policy.value !== -1);

        document.getElementById("${field}").addEventListener("change", (event) => {
@ -47,5 +48,6 @@
            });
            errorContainer.replaceChildren(template);
        });
+    </#outputformat>
    </script>
 </#macro>
--- a/themes/src/main/resources/theme/keycloak.v2/login/register-commons.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/register-commons.ftl
@ -18,7 +18,7 @@
            <#if messagesPerField.existsError('termsAccepted')>
                <div class="${properties.kcLabelWrapperClass!}">
                            <span id="input-error-terms-accepted" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                                ${kcSanitize(messagesPerField.get('termsAccepted'))?no_esc}
+                                ${messagesPerField.get('termsAccepted')}
                            </span>
                </div>
            </#if>
--- a/themes/src/main/resources/theme/keycloak.v2/login/register.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/register.ftl
@ -8,7 +8,7 @@

    <#if section = "header">
        <#if messageHeader??>
-            ${kcSanitize(msg("${messageHeader}"))?no_esc}
+            ${msg(messageHeader)}
        <#else>
            ${msg("registerTitle")}
        </#if>
--- a/themes/src/main/resources/theme/keycloak.v2/login/template.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/template.ftl
@ -87,11 +87,13 @@
    </#if>
    <script type="module" src="${url.resourcesPath}/js/passwordVisibility.js"></script>
    <script type="module">
+        <#outputformat "JavaScript">
        import { startSessionPolling } from "${url.resourcesPath}/js/authChecker.js";

        startSessionPolling(
-            "${url.ssoLoginInOtherTabsUrl?no_esc}"
+            ${url.ssoLoginInOtherTabsUrl?c}
        );
+        </#outputformat>
    </script>
    <script type="module">
        document.addEventListener("click", (event) => {
@ -118,11 +120,13 @@
    </script>
    <#if authenticationSession??>
        <script type="module">
+             <#outputformat "JavaScript">
            import { checkAuthSession } from "${url.resourcesPath}/js/authChecker.js";

            checkAuthSession(
-                "${authenticationSession.authSessionIdHash}"
+                ${authenticationSession.authSessionIdHash?c}
            );
+            </#outputformat>
        </script>
    </#if>
    <script>
@ -222,7 +226,7 @@
                    <#if message.type = 'error'><span class="${properties.kcFeedbackErrorIcon!}"></span></#if>
                    <#if message.type = 'info'><span class="${properties.kcFeedbackInfoIcon!}"></span></#if>
                </div>
-                <span class="${properties.kcAlertTitleClass!} kc-feedback-text">${kcSanitize(message.summary)?no_esc}</span>
+                <span class="${properties.kcAlertTitleClass!} kc-feedback-text">${message.summary}</span>
            </div>
        </#if>

@ -233,7 +237,7 @@
              <input type="hidden" name="tryAnotherWay" value="on"/>
              <a id="try-another-way" href="javascript:document.forms['kc-select-try-another-way-form'].requestSubmit()"
                  class="${properties.kcButtonSecondaryClass} ${properties.kcButtonBlockClass} ${properties.kcMarginTopClass}">
-                    ${kcSanitize(msg("doTryAnotherWay"))?no_esc}
+                    ${msg("doTryAnotherWay")}
              </a>
          </form>
        </#if>
--- a/themes/src/main/resources/theme/keycloak.v2/login/user-profile-commons.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/user-profile-commons.ftl
@ -41,7 +41,7 @@

 			<#nested "beforeField" attribute>

-			<@field.group name=attribute.name label=advancedMsg(attribute.displayName!'') error=kcSanitize(messagesPerField.get('${attribute.name}'))?no_esc required=attribute.required>
+			<@field.group name=attribute.name label=advancedMsg(attribute.displayName!'') error=messagesPerField.get('${attribute.name}') required=attribute.required>
 				<div class="${properties.kcInputWrapperClass!}">
 					<#if attribute.annotations.inputHelperTextBefore??>
 						<div class="${properties.kcInputHelperTextBeforeClass!}" id="form-help-text-before-${attribute.name}" aria-live="polite">${kcSanitize(advancedMsg(attribute.annotations.inputHelperTextBefore))?no_esc}</div>
--- a/themes/src/main/resources/theme/keycloak.v2/login/webauthn-error.ftl
+++ b/themes/src/main/resources/theme/keycloak.v2/login/webauthn-error.ftl
@ -2,15 +2,17 @@
 <#import "buttons.ftl" as buttons>
 <@layout.registrationLayout ; section>
    <#if section = "header">
-        ${kcSanitize(msg("webauthn-error-title"))?no_esc}
+        ${msg("webauthn-error-title")}
    <#elseif section = "form">

        <script type="text/javascript">
+            <#outputformat "JavaScript">
            refreshPage = () => {
                document.getElementById('isSetRetry').value = 'retry';
-                document.getElementById('executionValue').value = '${execution}';
+                document.getElementById('executionValue').value = ${execution?c};
                document.getElementById('kc-error-credential-form').requestSubmit();
            }
+            </#outputformat>
        </script>

        <form id="kc-error-credential-form" class="${properties.kcFormClass!}" action="${url.loginAction}"