[BUGFIX] Prevent XSS in ViewHelpers
This patch removes wrongly introduced missing escaping in ViewHelpers and adds some documentation about escaping settings.

Resolves: #75016
Releases: master
Change-Id: If0dbd8a5f7506a78238e6245b1a6f568ec7b3e27
Reviewed-on: https://review.typo3.org/47193
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Showing
- typo3/sysext/fluid/Classes/ViewHelpers/CObjectViewHelper.php: 1 addition, 0 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/CaseViewHelper.php: 0 additions, 5 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/DebugViewHelper.php: 6 additions, 2 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/Format/DateViewHelper.php: 2 additions, 5 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php: 4 additions, 0 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlentitiesViewHelper.php: 4 additions, 0 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/Format/StripTagsViewHelper.php: 4 additions, 0 deletions
- typo3/sysext/fluid/Classes/ViewHelpers/Format/UrlencodeViewHelper.php: 5 additions, 0 deletions