From cd35bbd54502a7fd46c9f87ce758af7907f5a56c Mon Sep 17 00:00:00 2001
From: Wouter Wolters <typo3@wouterwolters.nl>
Date: Thu, 26 May 2016 20:50:36 +0200
Subject: [PATCH] [TASK] Deprecate removeBadHTML

Resolves: #15415
Releases: master
Change-Id: Iac92d6d36e2a84b069fa7c4a17d2dc567d952309
Reviewed-on: https://review.typo3.org/48301
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
 ...precation-15415-DeprecateRemoveBadHTML.rst | 31 +++++++++++++++++++
 .../ContentObject/ContentObjectRenderer.php   |  2 ++
 2 files changed, 33 insertions(+)
 create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Deprecation-15415-DeprecateRemoveBadHTML.rst

diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-15415-DeprecateRemoveBadHTML.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-15415-DeprecateRemoveBadHTML.rst
new file mode 100644
index 000000000000..a9ed1b87fba2
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-15415-DeprecateRemoveBadHTML.rst
@@ -0,0 +1,31 @@
+=============================================
+Deprecation: #15415 - Deprecate removeBadHTML
+=============================================
+
+Description
+===========
+
+Due to the wrong approach of removeBadHTML it is not 100% complete and does not keep its promise.
+
+- :php:``ContentObjectRenderer::removeBadHTML()``
+- :typoscript:``stdWrap.removeBadHTML``
+
+
+Impact
+======
+
+Using the mentioned method or stdWrap property will trigger a deprecation log entry.
+
+
+Affected Installations
+======================
+
+Instances that use the method or stdWrap property.
+
+
+Migration
+=========
+
+Implement a proper encoding by yourself. Use :php:``htmlspecialchars()`` or :typoscript:``stdWrap.htmlSpecialChars``
+in the context of HTML, :php:``GeneralUtility::quoteJSvalue()`` or :typoscript:``stdWrap.encodeForJavaScriptValue``
+in the context of JavaScript.
diff --git a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
index 2ec93fdbd0c6..bac00bd00e30 100644
--- a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
+++ b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
@@ -4033,9 +4033,11 @@ class ContentObjectRenderer
      *
      * @param string $text Input string to be cleaned.
      * @return string Return string
+     * @deprecated since TYPO3 v8, will be removed in TYPO3 v9
      */
     public function removeBadHTML($text)
     {
+        GeneralUtility::logDeprecatedFunction();
         // Copyright 2002-2003 Thomas Bley
         $text = preg_replace(array(
             '\'<script[^>]*?>.*?</script[^>]*?>\'si',
-- 
GitLab