If you write in the description field of a template element something like <base href="...." />, then MODX manager does not redirect correctly because it uses descriptions base url as a base url.
<base href="...." />
Create or update a template and type in the comment field <base href="[[!++site_url]]" />
<base href="[[!++site_url]]" /
Create or edit a document and try to change the template.
Then once the page reloads you will forced to a wrong url that will include [[!++site_url]]
It should reload the page you are loading
Latest modx version (also occurred in some versions before )
@halvid If you have information about a security issue, please email it to email@example.com.
Doesn't happen to me, neither on localhost nor on a MODX Cloud installation. I think something is missing in your post content.
With the updated issue description I can reproduce.
Encode HTML in the template description to prevent potential XSS [#13290
Fix in #13291.
That's a weird one. What does the description have to do with the URL?
My guess is that it has something to do with Ext JS. When we debuged the issue we found that when the page reloads the json feed includes the base url tag