Description

This article describes an issue where the FortiGate admin pre-login page displays raw HTML code instead of rendering the 'Pre-login Disclaimer Message' as intended, despite the message format being set to HTML.

Scope

FortiGate v7.2.11, v7.4.8, v7.6.3.

Solution

When a basic HTML pre-login disclaimer is defined, the FortiGate GUI displays the raw HTML code on the login page instead of rendering the formatted message.

For example, defining the following basic HTML pre-login disclaimer causes the login page to display the raw HTML code instead of rendering it.

tau-kvm171 config system replacemsg admin pre_admin-disclaimer-text

tau-kvm171 (pre_admin-discla~ext) show
config system replacemsg admin "pre_admin-disclaimer-text"
set buffer "<!DOCTYPE html>
<html lang=\\\"en\\\">
<head>
Test
</head>
<body>
Test
</body>
</html>"
set header http
set format HTML <----- Format changed to HTML using CLI.
end

config system global
    set pre-login-banner enable <----- Pre-login should be enabled.
end

After accessing the FortiGate, it displays the following raw HTML code:

The issue has been reported with a known issue ID 1153294 and is fixed in v7.6.4, v7.4.9.