|Status||LEGACY This tutorial applies to Confluence versions that have reached end of life.|
In Confluence 4.0, the new XHTML renderer no longer has a 'render mode' for escaping the bodies passed to the macros with a plain text body, meaning that they will have to be escaped by the macro themselves.
You can use the static method in order to escape the body of plain text, see the javadoc below for usage.
You will note in the above javadoc for that quote is referred to as a special character in HTML. This is not strictly true (see the specification) yet the quote does require special handling in order to prevent XSS attacks. Using something like instead of will result in vulnerabilities as discussed in Apache Foundation issue LANG-572.