From cd0fa02ca930a79e0460093330fe50732b1dfaea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20E=C3=9Fl?= <indy.essl@gmail.com>
Date: Sat, 7 Mar 2020 19:35:36 +0100
Subject: [PATCH] [BUGFIX] Escape html tags in cshmanual content

Parts of the cshmanual were never shown, because a language variable
contained a <title> tag, that made the browser hide all of the manual
content after that tag.

Resolves: #90675
Releases: master, 9.5
Change-Id: I2d9cf15153f80bd5d0d8ed8cd0864807f30d31f1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63607
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
---
 .../Resources/Private/Partials/ContextSensitiveHelp/Manual.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/typo3/sysext/backend/Resources/Private/Partials/ContextSensitiveHelp/Manual.html b/typo3/sysext/backend/Resources/Private/Partials/ContextSensitiveHelp/Manual.html
index cb6025c11972..e08b0830bf12 100644
--- a/typo3/sysext/backend/Resources/Private/Partials/ContextSensitiveHelp/Manual.html
+++ b/typo3/sysext/backend/Resources/Private/Partials/ContextSensitiveHelp/Manual.html
@@ -1,7 +1,7 @@
 <a id="{manual.table}{f:if(condition:manual.field,then:'.{manual.field}')}"></a>
 
 <h2>{manual.headerLine}</h2>
-<p>{manual.content -> f:format.raw()}</p>
+<p>{manual.content -> f:format.htmlentities() -> f:format.raw()}</p>
 
 <f:if condition="{manual.configuration.details}">
     <h3><f:translate key="LLL:EXT:backend/Resources/Private/Language/locallang_view_help.xlf:details" /></h3>
-- 
GitLab