Forum OpenACS Development: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages

Hmmm.

The ad_returnredirect -message $message

has the same effect as calling util_user_message and it worked on a clean oacs-5-7 checkout.

Note your master template has to correctly inject the user message div. Not sure which template this is in , blank-master or default-master.