freemarker の js_string の歴史
freemarker の js_string がどのような変遷をたどってきたのかをまとめてみた。
2.3
Date of release: 2004-June-15
https://freemarker.apache.org/docs/versions_2_3.html
New built-ins for Java and JavaScript string escaping: j_string and js_string
2.3.1
Date of release: 2005-01-04
https://freemarker.apache.org/docs/versions_2_3_1.html
The js_string built-in now escapes > as > (to avoid ).
2.3.20
Date of release: 2013-06-27
https://freemarker.apache.org/docs/versions_2_3_20.html
Bug fix [390] (and other improvements): ?js_string and ?json_string didn't escape the u2028-u2029 line terminators (problem for JavaScript) and the u007F-u009F control characters (maybe a problem in JSON, depending on implementation). Furthermore, the escaping of , <, and > become safer in that now they are escaped whenever it can't be guaranteed that they won't be part of <!, ]]> or </. Earlier they were only escaped when it was known that they are part of these patterns, thus it was possible to assemble these patterns from two adjacent interpolations. Additionally, from now on <? and --> also count as dangerous patterns, and will trigger < and > escaping.
まとめ
2.3.20 以後、2023年4月現在の最新版である 2.3.32 まで変更はなし。