diff --git a/composer.json b/composer.json
index 6344cd143939a50aa2c90694f5a6a1d96d8bd8a2..1cf3959f53175d2ab1d608dd62df5e07be0e532d 100644
--- a/composer.json
+++ b/composer.json
@@ -83,7 +83,7 @@
"typo3/class-alias-loader": "^1.0",
"typo3/cms-cli": "^3.0",
"typo3/cms-composer-installers": "^2.0 || ^3.0",
- "typo3/html-sanitizer": "^2.0.9",
+ "typo3/html-sanitizer": "^2.0.10",
"typo3/phar-stream-wrapper": "^3.1.6",
"typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0",
"typo3fluid/fluid": "^2.7.0"
diff --git a/composer.lock b/composer.lock
index de3cb1b83645f64ffe6575c35f2b3dfbffba340b..e3dfdf304e40844c3af22a546fc71c136817398a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "1829a3e70a84bfe469ad61f6b1a372e8",
+ "content-hash": "5f735b56f523e7891b4c7a42c483dcdb",
"packages": [
{
"name": "bacon/bacon-qr-code",
@@ -4925,16 +4925,16 @@
},
{
"name": "typo3/html-sanitizer",
- "version": "v2.0.9",
+ "version": "v2.0.10",
"source": {
"type": "git",
"url": "https://github.com/TYPO3/html-sanitizer.git",
- "reference": "5dfd055b3d62a505d6dd8381f3145d17147ceb6d"
+ "reference": "b9267c3b19ae1271b6c3f676f287e778977ca324"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/5dfd055b3d62a505d6dd8381f3145d17147ceb6d",
- "reference": "5dfd055b3d62a505d6dd8381f3145d17147ceb6d",
+ "url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/b9267c3b19ae1271b6c3f676f287e778977ca324",
+ "reference": "b9267c3b19ae1271b6c3f676f287e778977ca324",
"shasum": ""
},
"require": {
@@ -4970,9 +4970,9 @@
"description": "HTML sanitizer aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.",
"support": {
"issues": "https://github.com/TYPO3/html-sanitizer/issues",
- "source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.9"
+ "source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.10"
},
- "time": "2021-08-16T10:44:16+00:00"
+ "time": "2021-08-25T11:05:47+00:00"
},
{
"name": "typo3/phar-stream-wrapper",
diff --git a/typo3/sysext/core/Tests/Functional/DataHandling/DataHandler/SecurityTest.php b/typo3/sysext/core/Tests/Functional/DataHandling/DataHandler/SecurityTest.php
index 96cb9c6bff90e6bc96f645ef860567fe9c5ce4d8..fe51ab498bf4d59f1c2e81a212687cdecfb74d4a 100644
--- a/typo3/sysext/core/Tests/Functional/DataHandling/DataHandler/SecurityTest.php
+++ b/typo3/sysext/core/Tests/Functional/DataHandling/DataHandler/SecurityTest.php
@@ -193,7 +193,7 @@ class SecurityTest extends FunctionalTestCase
'<font face="a" color="b" onmouseover="alert(1);">text</font>'
. '<img src="x" alt="test" onerror="alert(2)">',
[
- '<font face="a" color="b" onmouseover="alert(1);">text</font>'
+ '<font face="a" color="b">text</font>'
. '<img src="x" alt="test">',
// @todo "expected" for the time being without using HTML Sanitizer
'<font face="a" color="b" onmouseover="alert(1);">text</font>'
@@ -206,7 +206,7 @@ class SecurityTest extends FunctionalTestCase
. '<img src="x" alt="test" onerror="alert(2)">'
. '</p>',
[
- '<p><font face="a" color="b" onmouseover="alert(1);">text</font>'
+ '<p><font face="a" color="b">text</font>'
. '<img src="x" alt="test"></p>',
// @todo "expected" for the time being without using HTML Sanitizer
'<p><font face="a" color="b" onmouseover="alert(1);">text</font>'
diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json
index cf7f9508e2c3dd14bc0b55fae17810ccde18e24f..d2f605e0a5596e06888293ddb1d053041b88366c 100644
--- a/typo3/sysext/core/composer.json
+++ b/typo3/sysext/core/composer.json
@@ -67,7 +67,7 @@
"typo3/class-alias-loader": "^1.0",
"typo3/cms-cli": "^3.0",
"typo3/cms-composer-installers": "^2.0 || ^3.0",
- "typo3/html-sanitizer": "^2.0.9",
+ "typo3/html-sanitizer": "^2.0.10",
"typo3/phar-stream-wrapper": "^3.1.6",
"typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0",
"typo3fluid/fluid": "^2.7.0"