From b98a971535c37e3c1dc82038f9784ae98e488e28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chris=20M=C3=BCller?= <typo3@krue.ml>
Date: Fri, 13 Jan 2023 18:49:29 +0100
Subject: [PATCH] [DOCS] Add hint to HtmlViewHelper about avoiding usage in
 backend context

The docblock of the class is rendered for documentation, see:
https://docs.typo3.org/other/typo3/view-helper-reference/main/en-us/typo3/fluid/latest/Format/Html.html

This information should therefore be mentioned.

Related: #99031
Resolves: #99536
Resolves: https://github.com/TYPO3-Documentation/Changelog-To-Doc/issues/250
Releases: main, 11.5
Change-Id: I6f21710975a8916e27cdcd38c0bcb83a129319ea
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77380
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
---
 .../fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php       | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
index 6d2792457b34..d76874873048 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
@@ -34,6 +34,10 @@ use TYPO3Fluid\Fluid\Core\ViewHelper\Traits\CompileWithRenderStatic;
  * You can either specify a path to the TypoScript setting or set the `parseFunc`_ options directly.
  * By default :typoscript:`lib.parseFunc_RTE` is used to parse the string.
  *
+ * The view helper must not be used in backend context, as it triggers frontend logic.
+ * Instead, use :html:`<f:sanitize.html />` to secure a given HTML string or :html:`<f:transform.html />`
+ * to parse links in HTML.
+ *
  * Examples
  * ========
  *
-- 
GitLab