Hi,
found weird behavior in classic portlet parsing in Plone5 (tested in 5.2.9 and 5.2.7). Plone4 and Plone6 are safe from this.
To reproduce just add a classic portlet within the code:
<div metal:define-macro="portlet">
<p>Here follows the script</p>
<script type="text/javascript">
if ( 4<5 ) {alert('ciao');}
</script>
</div>
You'll see that in the rendered portlet the < char get escaped in entity <. The same for > and &. It's not even useful using //<![CDATA[ ... //]]> enclosure because the first < get escaped as well.
The resulting html is something like:
<div class="portletWrapper" id="[...]">
<div>
<p>Here follows the script</p>
<script type="text/javascript">
if ( 4<5 ){ alert('ciao'); }
</script>
</div>
</div>
The workaround is to load the js via src attribute, but I wonder if there is a way to avoid this.
alessandro.