XWIKI-19747: Escape tag names

* Escape tag names for XWiki syntax

xwiki-platform-core/xwiki-platform-tag/xwiki-platform-tag-ui/src/main/resources/Main/Tags.xml

@@ -51,14 +51,15 @@ $xwiki.ssx.use('Main.Tags')##
 ##
 #set ($do = "$!{request.get('do')}")
 #set ($tag = "$!{request.get('tag')}")
+#set ($wikiEscapedTag = $services.rendering.escape($tag, 'xwiki/2.1'))
 #set ($urlEscapedTag = $escapetool.url($tag))
 #set ($htmlEscapedTag = $escapetool.xml($tag))
 ##
 ## Macro displayTagAppTitle. Display level1 title of this app.
 ##
 #macro (displayTagAppTitle $urlEscapedTag $htmlEscapedTag $displayButtons)
   (% class="xapp" %)
-  = (% class="highlight tag" %)${tag}##
+  = (% class="highlight tag" %)${wikiEscapedTag}##
       #if ($xwiki.hasAdminRights() && $displayButtons) ##
         [[$services.localization.render('xe.tag.rename.link')>>||queryString="do=prepareRename&tag=${urlEscapedTag}" class="button rename" rel="nofollow"]] [[$services.localization.render('xe.tag.delete.link')>>||queryString="do=prepareDelete&tag=${urlEscapedTag}" class="button delete" rel="nofollow"]]##
       #end
@@ -74,14 +75,14 @@ $xwiki.ssx.use('Main.Tags')##
   ##
   #displayTagAppTitle($urlEscapedTag $htmlEscapedTag true)
   #if ("$!{request.get('renamedTag')}" != '')
-    {{info}}$services.localization.render('xe.tag.rename.success', ["//${request.get('renamedTag')}//"]){{/info}}
+    {{info}}$services.localization.render('xe.tag.rename.success', ["//${services.rendering.escape(${request.get('renamedTag')}, 'xwiki/2.1')}//"]){{/info}}
 
   #end
   #set ($list = $xwiki.tag.getDocumentsWithTag($tag))
   {{container layoutStyle="columns"}}
     (((
       (% class="xapp" %)
-      === $services.localization.render('xe.tag.alldocs', ["//${tag}//"]) ===
+      === $services.localization.render('xe.tag.alldocs', ["//${wikiEscapedTag}//"]) ===
 
       #if ($list.size()> 0)
         {{html}}#displayDocumentList($list false $blacklistedSpaces){{/html}}
@@ -91,8 +92,8 @@ $xwiki.ssx.use('Main.Tags')##
     )))
     (((
       (% class="xapp" %)
-      === $services.localization.render('xe.tag.activity', ["//${tag}//"]) ===
-      {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$tag" displayRSSLink="true" /}}
+      === $services.localization.render('xe.tag.activity', ["//${wikiEscapedTag}//"]) ===
+      {{notifications useUserPreferences="false" displayOwnEvents="true" tags="$wikiEscapedTag" displayRSSLink="true" /}}
     )))
   {{/container}}
 #elseif ($do == 'prepareRename')
@@ -123,7 +124,7 @@ $xwiki.ssx.use('Main.Tags')##
    #set ($urlEscapedRenameTo = $escapetool.url($renameTo))
    $response.sendRedirect($doc.getURL('view', "do=viewTag&tag=${urlEscapedRenameTo}&renamedTag=${urlEscapedTag}"))
   #else
-    {{error}}$services.localization.render('xe.tag.rename.failure', ["//${tag}//", "//${renameTo}//"]){{/error}}
+    {{error}}$services.localization.render('xe.tag.rename.failure', ["//${wikiEscapedTag}//", "//${services.rendering.escape($renameTo, 'xwiki/2.1')}//"]){{/error}}
   #end
 #elseif ($do == 'prepareDelete')
   ##
@@ -148,15 +149,15 @@ $xwiki.ssx.use('Main.Tags')##
   #if ($success == true || $success == 'OK')
     $response.sendRedirect($doc.getURL('view', "deletedTag=${urlEscapedTag}"))
   #else
-    {{error}}$services.localization.render('xe.tag.delete.failure', ["//${tag}//"]){{/error}}
+    {{error}}$services.localization.render('xe.tag.delete.failure', ["//${wikiEscapedTag}//"]){{/error}}
   #end
 #else
   ##
   ## View all tags (Tag Cloud)
   ##
   #set ($title = 'All Tags')
   #if ("$!{request.get('deletedTag')}" != '')
-    {{info}}$services.localization.render('xe.tag.delete.success', ["//${request.get('deletedTag')}//"]){{/info}}
+    {{info}}$services.localization.render('xe.tag.delete.success', ["//${services.rendering.escape($request.get('deletedTag'), 'xwiki/2.1')}//"]){{/info}}
 
   #end
   {{tagcloud/}}