From fac14109df2d5b82591a872369fa04e6f4d998ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Chris=20M=C3=BCller?= <typo3@krue.ml>
Date: Fri, 13 Jan 2023 18:49:29 +0100
Subject: [PATCH] [DOCS] Add hint to HtmlViewHelper about avoiding usage in
 backend context

The docblock of the class is rendered for documentation, see:
https://docs.typo3.org/other/typo3/view-helper-reference/main/en-us/typo3/fluid/latest/Format/Html.html

This information should therefore be mentioned.

Related: #99031
Resolves: #99536
Resolves: https://github.com/TYPO3-Documentation/Changelog-To-Doc/issues/250
Releases: main, 11.5
Change-Id: I6f21710975a8916e27cdcd38c0bcb83a129319ea
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77436
Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
---
 .../fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php       | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
index 8336df20d044..91d8b839e744 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
@@ -28,6 +28,10 @@ use TYPO3Fluid\Fluid\Core\ViewHelper\Traits\CompileWithRenderStatic;
  * You can either specify a path to the TypoScript setting or set the `parseFunc`_ options directly.
  * By default :typoscript:`lib.parseFunc_RTE` is used to parse the string.
  *
+ * The view helper must not be used in backend context, as it triggers frontend logic.
+ * Instead, use :html:`<f:sanitize.html />` to secure a given HTML string or :html:`<f:transform.html />`
+ * to parse links in HTML.
+ *
  * Examples
  * ========
  *
-- 
GitLab