SXSS in the user profile via the timezone displayer

@@ -47,9 +47,7 @@
   #else
     #set ($output = $doc.display($property))
   #end
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $output
+  #unwrapXPropertyDisplay($output)
 #end
 
 #macro (displayPathsPropertyValue $property)

@@ -364,9 +364,7 @@
     ## the annotated document (i.e. isolated), not the current document.
     #set ($output = $annotatedDocument.display($annotationProperty.name, 'view', $annotationObject))
     ## Remove the HTML macro wrapping because the output is later injected in another HTML macro with wiki=false.
-    #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-    #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-    $output
+    #unwrapXPropertyDisplay($output)
   #end
 #end
 {{/velocity}}</content>

@@ -241,10 +241,7 @@
 #end
 
 #macro (displayCKEditorConfigPropertyValue $configDoc $propName $action)
-  #set ($output = $configDoc.display($propName, $action))
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $output
+  #unwrapXPropertyDisplay($configDoc.display($propName, $action))
 #end
 
 #macro (displayCKEditorConfig $configDoc $action)

@@ -78,10 +78,7 @@
 #end
 
 #macro (displayPDFExportConfigPropertyValue $configProperty $displayMode)
-  #set ($output = $doc.display($configProperty.name, $displayMode))
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $!output
+  #unwrapXPropertyDisplay($doc.display($configProperty.name, $displayMode))
 #end
 
 #macro (viewPDFExportConfig)

@@ -105,10 +105,7 @@
 #end
 
 #macro (renderPDFElement $pdfTemplateObj $element)
-  #set ($output = $tdoc.display($element, $pdfTemplateObj))
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $!output
+  #unwrapXPropertyDisplay($tdoc.display($element, $pdfTemplateObj))
 #end
 
 #macro (renderPDFContent)

@@ -502,7 +502,7 @@
     #else
       #set($fieldValue = "$!fieldProperty.getValue()")
     #end
-    #set($fieldDisplayValue = "$!itemDoc.display($colname, 'view')")
+    #set($fieldDisplayValue = "#unwrapXPropertyDisplay($itemDoc.display($colname, 'view'))")
     #if($fieldDisplayValue == '')
       #set($fieldDisplayValue = $services.localization.render("${request.transprefix}emptyvalue"))
     #end
@@ -514,7 +514,7 @@
         #set($fieldUrl = '')
       #end
     #end
-    #set($discard = $row.put($colname, $fieldDisplayValue.replaceFirst($regextool.quote('{{html clean="false" wiki="false"}}'), '').replaceAll("$regextool.quote('{{/html}}')$", '')))
+    #set($discard = $row.put($colname, $fieldDisplayValue))
     #set($discard = $row.put("${colname}_value", $fieldValue))
     #set($discard = $row.put("${colname}_url", $fieldUrl))
     ## Reset to the default class

@@ -79,10 +79,7 @@
 
 {{velocity output="false"}}
 #macro (displayConfigPropertyValue $propName $action)
-  #set ($output = $doc.display($propName, $action))
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $output
+  #unwrapXPropertyDisplay($doc.display($propName, $action))
 #end
 
 #macro (displayPageLayoutSection)

@@ -40,10 +40,7 @@
 
 {{velocity output="false"}}
 #macro (displayObjectPropertyValue $propertyName $mode)
-  #set ($output = $doc.display($propertyName, $mode))
-  #set ($output = $stringtool.removeStart($output, '{{html clean="false" wiki="false"}}'))
-  #set ($output = $stringtool.removeEnd($output, '{{/html}}'))
-  $output
+  #unwrapXPropertyDisplay($doc.display($propertyName, $mode))
 #end
 
 #macro (displaySearchSuggestSource $source)

@@ -111,4 +111,25 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>test-jar</id>
+            <goals>
+              <goal>test-jar</goal>
+            </goals>
+            <configuration>
+              <includes>
+                <include>**/UIExtensionScriptServiceComponentList.class</include>
+              </includes>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>

@@ -0,0 +1,81 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.uiextension.script;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import org.xwiki.component.wiki.internal.DefaultWikiComponentManager;
+import org.xwiki.component.wiki.internal.DefaultWikiComponentManagerContext;
+import org.xwiki.component.wiki.internal.WikiComponentManagerEventListenerHelper;
+import org.xwiki.component.wiki.internal.bridge.DefaultContentParser;
+import org.xwiki.component.wiki.internal.bridge.DefaultWikiObjectComponentManagerEventListener;
+import org.xwiki.component.wiki.internal.bridge.WikiObjectComponentManagerEventListenerProxy;
+import org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRenderer;
+import org.xwiki.test.annotation.ComponentList;
+import org.xwiki.uiextension.internal.DefaultUIExtensionManager;
+import org.xwiki.uiextension.internal.WikiUIExtensionComponentBuilder;
+import org.xwiki.uiextension.internal.filter.ExcludeFilter;
+import org.xwiki.uiextension.internal.filter.SelectFilter;
+import org.xwiki.uiextension.internal.filter.SortByCustomOrderFilter;
+import org.xwiki.uiextension.internal.filter.SortByIdFilter;
+import org.xwiki.uiextension.internal.filter.SortByParameterFilter;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Pack of default component implementations that are needed for {@link UIExtensionScriptService}.
+ *
+ * @version $Id$
+ * @since 14.10.5
+ * @since 15.1RC1
+ */
+@Documented
+@Retention(RUNTIME)
+@Target({TYPE, METHOD, ANNOTATION_TYPE})
+@ComponentList({
+    UIExtensionScriptService.class,
+    DefaultUIExtensionManager.class,
+    WikiUIExtensionComponentBuilder.class,
+    // Filters
+    ExcludeFilter.class,
+    SelectFilter.class,
+    SortByCustomOrderFilter.class,
+    SortByIdFilter.class,
+    SortByParameterFilter.class,
+    // Needed for registering the UI extensions defined in wiki pages.
+    DefaultWikiObjectComponentManagerEventListener.class,
+    WikiObjectComponentManagerEventListenerProxy.class,
+    WikiComponentManagerEventListenerHelper.class,
+    DefaultWikiComponentManager.class,
+    DefaultWikiComponentManagerContext.class,
+    // Needed for rendering the UI extensions.
+    DefaultContentParser.class,
+    DefaultBlockAsyncRenderer.class
+})
+@Inherited
+public @interface UIExtensionScriptServiceComponentList
+{
+}

@@ -276,8 +276,7 @@
 #macro (displayProperty $propertyName $object $action)
   #set ($propertyClass = $object.xWikiClass.get($propertyName))
   #set ($isCheckbox = $propertyClass.getValue('displayFormType') == 'checkbox')
-  #set ($fieldDisplay = $stringtool.removeEnd($stringtool.removeStart($object.display($propertyName, $action),
-    '{{html clean="false" wiki="false"}}'), '{{/html}}'))
+  #set ($fieldDisplay = "#unwrapXPropertyDisplay($object.display($propertyName, $action))")
   <dt>
     <label #if ($action == 'edit' && !$isCheckbox)
         for="$escapetool.xml("${object.xWikiClass.name}_${object.number}_$propertyName")"#end>

@@ -118,5 +118,42 @@
       <version>${project.version}</version>
       <scope>runtime</scope>
     </dependency>
+    <!-- Test dependencies. -->
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-platform-test-page</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-platform-web-templates</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- Provides the component list for UIExtensionScriptService. -->
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-platform-uiextension-api</artifactId>
+      <version>${project.version}</version>
+      <classifier>tests</classifier>
+      <type>test-jar</type>
+      <scope>test</scope>
+    </dependency>
+    <!-- Provides the component list for RenderingScriptService. -->
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-platform-rendering-xwiki</artifactId>
+      <version>${project.version}</version>
+      <type>test-jar</type>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.xwiki.platform</groupId>
+      <artifactId>xwiki-platform-rendering-configuration-default</artifactId>
+      <version>${project.version}</version>
+      <type>test-jar</type>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

@@ -20,7 +20,7 @@
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 -->
 
-<xwikidoc version="1.3" reference="XWiki.XWikiUserPreferencesSheet" locale="">
+<xwikidoc version="1.5" reference="XWiki.XWikiUserPreferencesSheet" locale="">
   <web>XWiki</web>
   <name>XWikiUserPreferencesSheet</name>
   <language/>
@@ -73,11 +73,11 @@
         <number>4</number>
         <prettyName>Context elements</prettyName>
         <relationalStorage>0</relationalStorage>
-        <separator> </separator>
+        <separator>, </separator>
         <separators>|, </separators>
         <size>5</size>
         <unmodifiable>0</unmodifiable>
-        <values>doc.reference=Document|icon.theme=Icon theme|locale=Language|rendering.defaultsyntax=Default syntax|rendering.restricted=Restricted|rendering.targetsyntax=Target syntax|request.base=Request base URL|request.parameters=Request parameters|request.url=Request URL|request.wiki=Request wiki|user=User|wiki=Wiki</values>
+        <values>action=Action|doc.reference=Document|icon.theme=Icon theme|locale=Language|rendering.defaultsyntax=Default syntax|rendering.restricted=Restricted|rendering.targetsyntax=Target syntax|request.base=Request base URL|request.cookies|request.headers|request.parameters=Request parameters|request.remoteAddr|request.url=Request URL|request.wiki=Request wiki|user=User|wiki=Wiki</values>
         <classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
       </async_context>
       <async_enabled>
@@ -97,6 +97,7 @@
         <name>content</name>
         <number>1</number>
         <prettyName>Executed Content</prettyName>
+        <restricted>0</restricted>
         <rows>25</rows>
         <size>120</size>
         <unmodifiable>0</unmodifiable>
@@ -127,6 +128,7 @@
         <name>parameters</name>
         <number>7</number>
         <prettyName>Extension Parameters</prettyName>
+        <restricted>0</restricted>
         <rows>10</rows>
         <size>40</size>
         <unmodifiable>0</unmodifiable>
@@ -173,72 +175,68 @@
 ###############################
 ##        CONTROLLER
 ###############################
-#if(!$obj)
-  {{info}}$services.localization.render('xe.admin.users.applyonusers'){{/info}}##
+#if (!$obj)
+  {{info}}{{translation key="xe.admin.users.applyonusers" /}}{{/info}}
 #else
   #displayFields()
 #end
 ###############################
 ##  DISPLAY FIELD OPTION LABEL
 ###############################
-#macro(displayFieldOptionLabel $option)
-  #if ($services.localization.render($option.label) != $option.label)
-    $services.localization.render($option.label)
+#macro (displayFieldOptionLabel $option)
+  #if ($services.localization.get($option.label))
+    $escapetool.xml($services.localization.render($option.label))
   #else
-    $option.value
+    $escapetool.xml($option.value)
   #end
 #end
 ###############################
 ##   DISPLAY SELECT FIELD
 ###############################
-#macro(displaySelectField $fieldName $default)
+#macro (displaySelectField $fieldName $defaultValue)
   #set ($value = $doc.getValue($fieldName, $obj))
   #set ($prop = $xclass.get($fieldName))
   #set ($options = [])
   #if ($prop.classType == 'Boolean')
     #set ($discard = $options.add({'value': 1, 'label': 'yes'}))
     #set ($discard = $options.add({'value': 0, 'label': 'no'}))
   #elseif ($prop.classType == 'Timezone')
-    #foreach($tz in $xwiki.jodatime.serverTimezone.availableIDs)
-      #set ($discard = $options.add({'value': $tz, 'label': $tz}))
-    #end
-    ## If the default value is empty (nothing has been set by the administrator), the fallback is the timezone of the 
-    ## server. But we won't display the "System Default" option, which is technical (it supposes the user knows there 
-    ## is a server with its own timezone, etc...)
-    #if ("$!default" == '')
-      #set ($default = $xwiki.jodatime.serverTimezone)
+    #foreach ($timeZoneId in $xwiki.jodatime.serverTimezone.availableIDs)
+      #set ($discard = $options.add({'value': $timeZoneId, 'label': $timeZoneId}))
     #end
   #else
-    #foreach($v in $prop.listValues)
+    #foreach ($v in $prop.listValues)
       #set ($discard = $options.add({'value': $v, 'label': "XWiki.XWikiUsers_${fieldName}_${v}"}))
     #end
   #end
+  #set ($defaultValueHint = "($escapetool.xml($services.localization.render('userprofile.default')))")
   #if ($isEdit)
-    &lt;select name="XWiki.XWikiUsers_0_${fieldName}" id="XWiki.XWikiUsers_0_${fieldName}" size="1"&gt;
-      #if ($default)
+    #set ($escapedId = $escapetool.xml("XWiki.XWikiUsers_0_${fieldName}"))
+    &lt;select name="$escapedId" id="$escapedId" size="1"&gt;
+      #if ($defaultValue)
         &lt;option value=""&gt;---&lt;/option&gt;
       #end
       #foreach ($option in $options)
         ## Some properties actually have "---" as a possible value, so we don't display it because we have
         ## already displayed it above.
         #if ($option.value != '---')
-          &lt;option value="$option.value" #if($value == $option.value)selected="selected"#end&gt;
+          &lt;option value="$escapetool.xml($option.value)"#if ($value == $option.value) selected#end&gt;
             #displayFieldOptionLabel($option)
-            #if ($default == $option.value)
-              ($services.localization.render('userprofile.default'))
+            #if ($defaultValue == $option.value)
+              $defaultValueHint
             #end
           &lt;/option&gt;
         #end
       #end
     &lt;/select&gt;
   #else
     #if ("$!value" != '')
-      $doc.display($fieldName)
+      #unwrapXPropertyDisplay($doc.display($fieldName))
     #else
       #foreach ($option in $options)
-        #if ("$!default" == "$!option.value")
+        #if ("$!defaultValue" == "$!option.value")
           #displayFieldOptionLabel($option)
-          &lt;small&gt;($services.localization.render('userprofile.default'))&lt;/small&gt;
+          &lt;small&gt;$defaultValueHint&lt;/small&gt;
         #end
       #end
     #end
@@ -247,57 +245,56 @@
 ###############################
 ##      DISPLAY FIELD
 ###############################
-#macro(displayField $fieldName $label $default)
+#macro (displayField $fieldName $label $defaultValue)
   #set ($hintKey = "XWiki.XWikiUsers_${fieldName}.hint")
   &lt;dt&gt;
-    &lt;label&gt;$services.localization.render($label)&lt;/label&gt;
+    &lt;label&gt;$!escapetool.xml($services.localization.render($label))&lt;/label&gt;
     #if ($services.localization.get($hintKey))
-      &lt;span class="xHint"&gt;$services.localization.render($hintKey)&lt;/span&gt;
+      &lt;span class="xHint"&gt;$!escapetool.xml($services.localization.render($hintKey))&lt;/span&gt;
     #end
   &lt;/dt&gt;
-  &lt;dd&gt;
+  &lt;dd data-user-property="$!escapetool.xml($fieldName)"&gt;
     #if ($fieldName == 'timezone' &amp;&amp; !$xwiki.jodatime)
-      #if ($isEdit)
-        &lt;input id="XWiki.XWikiUsers_0_${fieldName}" name="XWiki.XWikiUsers_0_${fieldName}" type="text" value="$!escapetool.xml($obj.getValue($fieldName))"/&gt;
-      #else
-        #if ("$!obj.getValue('timezone')" == '' &amp;&amp; "$!xwiki.getXWikiPreference('timezone')" != '')
-          $xwiki.getXWikiPreference('timezone') &lt;small&gt;($services.localization.render('userprofile.default'))&lt;/small&gt;
-        #else
-          $doc.display('timezone')
-        #end
-      #end
+      #unwrapXPropertyDisplay($doc.display('timezone'))
     #else
-      #displaySelectField($fieldName, $default)
+      #displaySelectField($fieldName, $defaultValue)
     #end
   &lt;/dd&gt;
 #end
 ###############################
 ##      DISPLAY FIELDS
 ###############################
-#macro(displayFields)
-{{html}}
-  &lt;div class="#if($xcontext.action == 'view')half #{else}full #{end}column xform"&gt;
+#macro (displayFields)
+{{html clean="false"}}
+  &lt;div class="#if ($xcontext.action == 'view')half #{else}full #{end}column xform"&gt;
     &lt;div class="userPreferences"&gt;
-      #if($xcontext.action == 'view' &amp;&amp; $hasEdit)
+      #if ($xcontext.action == 'view' &amp;&amp; $hasEdit)
         &lt;div class="editProfileCategory"&gt;
-          &lt;a title="$escapetool.xml($services.localization.render('platform.core.profile.category.preferences.edit'))"
+          &lt;a title="$!escapetool.xml($services.localization.render('platform.core.profile.category.preferences.edit'))"
               href="$doc.getURL('edit', 'category=preferences')" class="btn btn-xs"&gt;
             &lt;span class="action-icon"&gt;$services.icon.renderHTML('pencil')&lt;/span&gt;
-            &lt;span class='sr-only'&gt;$escapetool.xml($services.localization.render('platform.core.profile.category.preferences.edit'))&lt;/span&gt;
+            &lt;span class='sr-only'&gt;$!escapetool.xml($services.localization.render(
+              'platform.core.profile.category.preferences.edit'))&lt;/span&gt;
           &lt;/a&gt;
         &lt;/div&gt;
       #end
-      &lt;h1&gt;$services.localization.render('platform.core.profile.section.displayPreferences')&lt;/h1&gt;
+      &lt;h1&gt;$escapetool.xml($services.localization.render('platform.core.profile.section.displayPreferences'))&lt;/h1&gt;
       &lt;dl&gt;
         #displayField('displayHiddenDocuments', 'platform.core.profile.displayHiddenDocuments', '0')
         #displayField('accessibility'         , 'platform.core.profile.enableAccessibility'   , '0')
       &lt;/dl&gt;
-      &lt;h1&gt;$services.localization.render('platform.core.profile.section.localizationPreferences')&lt;/h1&gt;
+      &lt;h1&gt;$escapetool.xml($services.localization.render('platform.core.profile.section.localizationPreferences'))&lt;/h1&gt;
       &lt;dl&gt;
         #set ($defaultValue = $xwiki.getXWikiPreference('timezone'))
+        ## If the default value is empty (nothing has been set by the administrator), the fallback is the timezone of
+        ## the server. But we won't display the "System Default" option, which is technical (it supposes the user knows
+        ## there is a server with its own timezone, etc.).
+        #if ("$!defaultValue" == '')
+          #set ($defaultValue = $xwiki.jodatime.serverTimezone)
+        #end
         #displayField('timezone'              , 'platform.core.profile.timezone'              , $defaultValue)
       &lt;/dl&gt;
-      &lt;h1&gt;$services.localization.render('platform.core.profile.section.editorPreferences')&lt;/h1&gt;
+      &lt;h1&gt;$escapetool.xml($services.localization.render('platform.core.profile.section.editorPreferences'))&lt;/h1&gt;
       &lt;dl&gt;
         #set ($defaultValue = $xwiki.getXWikiPreference('editor'))
         #if ("$!defaultValue" == '')
@@ -306,7 +303,7 @@
         #displayField('editor'                , 'platform.core.profile.editor'                , $defaultValue)
         #displayField('usertype'              , 'platform.core.profile.userType'              , 'Simple')
       &lt;/dl&gt;
-      &lt;h1&gt;$services.localization.render('platform.core.profile.section.extensionPreferences')&lt;/h1&gt;
+      &lt;h1&gt;$escapetool.xml($services.localization.render('platform.core.profile.section.extensionPreferences'))&lt;/h1&gt;
       &lt;dl&gt;
         #set ($defaultValue = $xwiki.getXWikiPreference('extensionConflictSetup'))
         #if ("$!defaultValue" == '')
@@ -316,17 +313,20 @@
       &lt;/dl&gt;
     &lt;/div&gt;
   &lt;/div&gt;
-  #set($isMyProfile = ($xwiki.getDocument($xcontext.user).prefixedFullName == $doc.prefixedFullName))
-  #if(($isMyProfile || $hasAdmin) &amp;&amp; ($xcontext.action == 'view') &amp;&amp; !$doc.getObject('XWiki.LDAPProfileClass'))
+  #set ($isMyProfile = $xwiki.getDocument($xcontext.user).prefixedFullName == $doc.prefixedFullName)
+  #if (($isMyProfile || $hasAdmin) &amp;&amp; $xcontext.action == 'view' &amp;&amp; !$doc.getObject('XWiki.LDAPProfileClass'))
     &lt;div class="half column"&gt;
       &lt;div class="passwordManagement"&gt;
-        &lt;h1&gt;$services.localization.render('platform.core.profile.section.security')&lt;/h1&gt;
-        &lt;span class="buttonwrapper"&gt;&lt;a id="changePassword" href="$doc.getURL('view', 'xpage=passwd')"&gt;$services.localization.render('platform.core.profile.changePassword')&lt;/a&gt;&lt;/span&gt;
+        &lt;h1&gt;$escapetool.xml($services.localization.render('platform.core.profile.section.security'))&lt;/h1&gt;
+        &lt;span class="buttonwrapper"&gt;
+          &lt;a id="changePassword" href="$doc.getURL('view', 'xpage=passwd')"&gt;$escapetool.xml(
+            $services.localization.render('platform.core.profile.changePassword'))&lt;/a&gt;
+        &lt;/span&gt;
       &lt;/div&gt;
     &lt;/div&gt;
   #end
   &lt;div class="clearfloats"&gt;&amp;nbsp;&lt;/div&gt;
-{{/html}}##
+{{/html}}
 #end
 {{/velocity}}</content>
     </property>
@@ -340,7 +340,7 @@
       <parameters>id=preferences
 icon=wrench
 # isActive: The user is seeing her own profile or the user is an admin.
-isActive=#if(($services.model.resolveDocument($xcontext.user) == $doc.documentReference) || $hasAdmin)true#{else}false#end
+isActive=#if ($xcontext.userReference == $doc.documentReference || $hasAdmin)true#{else}false#end
 priority=20</parameters>
     </property>
     <property>

@@ -0,0 +1,134 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.user.profile;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.xwiki.bridge.event.DocumentCreatedEvent;
+import org.xwiki.component.manager.ComponentManager;
+import org.xwiki.component.wiki.internal.bridge.DefaultWikiObjectComponentManagerEventListener;
+import org.xwiki.model.reference.DocumentReference;
+import org.xwiki.observation.EventListener;
+import org.xwiki.rendering.RenderingScriptServiceComponentList;
+import org.xwiki.rendering.internal.configuration.DefaultRenderingConfigurationComponentList;
+import org.xwiki.security.authorization.AuthorizationManager;
+import org.xwiki.test.annotation.ComponentList;
+import org.xwiki.test.page.HTML50ComponentList;
+import org.xwiki.test.page.PageTest;
+import org.xwiki.test.page.XWikiSyntax20ComponentList;
+import org.xwiki.uiextension.script.UIExtensionScriptServiceComponentList;
+
+import com.xpn.xwiki.doc.XWikiDocument;
+import com.xpn.xwiki.internal.mandatory.XWikiUsersDocumentInitializer;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.when;
+
+/**
+ * Page test of {@code XWiki.XWikiUserSheet} that is used to display the user profile.
+ * 
+ * @version $Id$
+ * @since 14.10.5
+ * @since 15.1RC1
+ */
+@HTML50ComponentList
+@XWikiSyntax20ComponentList
+@RenderingScriptServiceComponentList
+@DefaultRenderingConfigurationComponentList
+@UIExtensionScriptServiceComponentList
+@ComponentList({XWikiUsersDocumentInitializer.class})
+class UserProfilePageTest extends PageTest
+{
+    private static final DocumentReference USER_SHEET = new DocumentReference("xwiki", "XWiki", "XWikiUserSheet");
+
+    private static final DocumentReference USER_PREFERENCES_SHEET =
+        new DocumentReference("xwiki", "XWiki", "XWikiUserPreferencesSheet");
+
+    private static final DocumentReference ADMIN_REFERENCE = new DocumentReference("xwiki", "XWiki", "Admin");
+
+    private static final DocumentReference ALICE_REFERENCE = new DocumentReference("xwiki", "XWiki", "alice");
+
+    @BeforeEach
+    void setUp() throws Exception
+    {
+        // Initialize the XWiki.XWikiUsers class (required in order to be able to display user properties).
+        this.xwiki.initializeMandatoryDocuments(this.context);
+
+        AuthorizationManager authorizationManager =
+            this.componentManager.registerMockComponent(AuthorizationManager.class);
+        when(authorizationManager.hasAccess(any(), eq(ADMIN_REFERENCE), any())).thenReturn(true);
+
+        // Register the user profile UI extensions at wiki level (requires administration rights).
+        this.componentManager.registerComponent(ComponentManager.class, "wiki", this.componentManager);
+        this.context.setUserReference(ADMIN_REFERENCE);
+        registerUIX(USER_PREFERENCES_SHEET);
+    }
+
+    @Test
+    void timeZoneDisplay() throws Exception
+    {
+        Map<String, Object> userProperties = new HashMap<>();
+        userProperties.put("timezone", "Europe/<em>Bucharest</em>");
+        createUser(userProperties);
+
+        Document dom = renderSheet(USER_SHEET);
+        Element timeZone = dom.selectFirst(".userPreferences dd[data-user-property='timezone']");
+        assertEquals(userProperties.get("timezone"), timeZone.text());
+    }
+
+    private void registerUIX(DocumentReference documentReference) throws Exception
+    {
+        XWikiDocument document = loadPage(documentReference);
+
+        // The event listeners are not registered by default. We trigger it manually so that the UIX is registered and
+        // can be found and rendered.
+        this.componentManager
+            .<EventListener>getInstance(EventListener.class,
+                DefaultWikiObjectComponentManagerEventListener.EVENT_LISTENER_NAME)
+            .onEvent(new DocumentCreatedEvent(), document, null);
+    }
+
+    private XWikiDocument createUser(Map<String, Object> userProperties) throws Exception
+    {
+        this.xwiki.createUser(ALICE_REFERENCE.getName(), userProperties, this.context);
+        XWikiDocument userDocument = this.xwiki.getDocument(ALICE_REFERENCE, this.context);
+
+        // Setup the script context as if we are logged in with the created user on its user profile.
+        this.context.setDoc(userDocument);
+        this.context.setUserReference(ALICE_REFERENCE);
+
+        return userDocument;
+    }
+
+    private Document renderSheet(DocumentReference sheetReference) throws Exception
+    {
+        XWikiDocument sheet = loadPage(sheetReference);
+
+        return Jsoup.parse(sheet.getRenderedContent(this.context));
+    }
+}

@@ -17,22 +17,28 @@
 ## Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 ## 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 ## ---------------------------------------------------------------------------
-#if ($type == 'edit' || $type == 'search')
-  #if($xwiki.jodatime)
-    <select id='$prefix$name' name='$prefix$name'>
-      <option value="" #if($value == $tz)selected="selected"#end>$services.localization.render('XWiki.XWikiPreferences_timezone_default')</option>
-      #foreach($tz in $xwiki.jodatime.getServerTimezone().getAvailableIDs())
-        <option value="$tz" #if($value == $tz)selected="selected"#end>$tz</option>
+#if ($type == 'edit' || $type == 'search' || $type == 'hidden')
+  #set ($escapedId = $escapetool.xml("${prefix}${name}"))
+  #if ($xwiki.jodatime && $type != 'hidden')
+    <select id="$!escapedId" name="$!escapedId">
+      <option value="">$!escapetool.xml($services.localization.render(
+        'XWiki.XWikiPreferences_timezone_default'))</option>
+      #foreach ($timeZoneId in $xwiki.jodatime.getServerTimezone().getAvailableIDs())
+        <option value="$!escapetool.xml($timeZoneId)"#if ($value == $timeZoneId) selected#end
+          >$!escapetool.xml($timeZoneId)</option>
       #end
     </select>
   #else
-    <input id='$prefix$name' name='$prefix$name' type="text" value="$!value"/>
+    #set ($inputType = "#if ($type == 'hidden')hidden#{else}text#end")
+    <input id="$!escapedId" name="$!escapedId" type="$!escapetool.xml($inputType)" value="$!escapetool.xml($value)" />
   #end
 #elseif ($type == 'view' || $type == 'rendered')
-$!value
-#elseif ($type == 'hidden')
-  #set ($id = $escapetool.xml("${prefix}${name}"))
-  <input type="hidden" id="$!id" name="$!id" value="$!escapetool.xml($value)" />
+## $defaultValue may be set before calling the displayer.
+#if ("$!value" == '' && "$!defaultValue" != '')
+$!escapetool.xml($defaultValue) <small>($escapetool.xml($services.localization.render('userprofile.default')))</small>
+#else
+$!escapetool.xml($value)
+#end
 #else
   ## In order for the custom displayer to be taken into account, the result of its evaluation with an unknown display
   ## mode must not be empty. Let's output something.

@@ -3017,4 +3017,18 @@ Recursive title display detected!##
 #else
 #setVariable("$resultValue" '')
 #end
+#end
+
+#**
+ * The output of the api.Document#display(...) methods is wrapped in an HTML (wiki syntax) rendering macro if it contains
+ * HTML special characters or if it tries to close the outer HTML macro. This can be annoying when the output is going to
+ * be insered in another HTML macro with wiki syntax disabled, or if the output is meant to be included in a JSON and
+ * thus used on the client-side where we can't render the wiki syntax. For these use cases we need to get rid of the HTML
+ * macro wrapping.
+ *
+ * @since 14.10.5
+ * @since 15.1RC1
+ *#
+#macro (unwrapXPropertyDisplay $displayOutput)
+$!stringtool.removeEnd($stringtool.removeStart($displayOutput, '{{html clean="false" wiki="false"}}'), '{{/html}}')##
 #end
\ No newline at end of file

@@ -415,7 +415,7 @@
       #set($propType = "$!propClass.get($colname).type")
     #end
     #set($fieldValue = "$!itemDoc.getValue($colname)")
-    #set($fieldDisplayValue = "$!itemDoc.display($colname, 'view')")
+    #set($fieldDisplayValue = "#unwrapXPropertyDisplay($itemDoc.display($colname, 'view'))")
     #if($fieldDisplayValue == '')
       #set($fieldDisplayValue = $services.localization.render("${request.transprefix}emptyvalue"))
     #end
@@ -427,7 +427,7 @@
         #set($fieldUrl = '')
       #end
     #end
-    #set($discard = $row.put($colname, $fieldDisplayValue.replaceFirst($regextool.quote('{{html clean="false" wiki="false"}}'), '').replaceAll("$regextool.quote('{{/html}}')$", '')))
+    #set($discard = $row.put($colname, $fieldDisplayValue))
     #set($discard = $row.put("${colname}_value", $fieldValue))
     ######## WIKI UI MAINWIKI CUSTOMIZATION #########
     #if($colname == 'wikiprettyname')