Skip to content
Snippets Groups Projects
Select Git revision
  • 12.4
  • main default
  • 11.5
  • 13.3
  • l10n_main
  • 13.1
  • 13.0
  • l10n_12.4
  • 10.4
  • 12.1
  • 9.5
  • 11.3
  • master
  • 11.1
  • TYPO3_8-7
  • 10.2
  • 9.3
  • 9.2
  • TYPO3_7-6
  • TYPO3_7-0
  • v13.3.1
  • v12.4.21
  • v11.5.40
  • v13.3.0
  • v12.4.20
  • v12.4.19
  • v12.4.18
  • v11.5.39
  • v12.4.17
  • v13.2.1
  • v13.2.0
  • v12.4.16
  • v11.5.38
  • v13.1.1
  • v12.4.15
  • v11.5.37
  • v13.1.0
  • v12.4.14
  • v12.4.13
  • v12.4.12
40 results
Compare History
user avatar
[FEATURE] Make parseFunc allowTags and denyTags optional
Benni Mack authored 
Since HTML Sanitizer was introduced, lib.parseFunc does
"transformations", instead of ensuring that HTML is
"safe", which wasn't possible anyways (that was one
of the reasons why htmlSanitize is introduced).

A quick explanation to the existing functionality
of allowTags and denyTags:

* If parseFunc stumbles across a tag, which is NOT
  a typotag (tags.a for example), and NOT an external
  block, it will be checked if it is in "allowTags"
  or NOT in "denyTags", then it gets rendered, otherwise
  the tag including its contents is htmlspecialchar'ed.

The tags are thus NOT removed, but instead hsced.

In order to simplify the process, allowTags and denyTags
can now be omitted, with the following result:

If allowTags = a,b,em... ONLY these tags are allowed,
and denyTags does not matter anymore already.

allowTags can now be set to "*", thus denyTags can be
used to mark explicitly use "denyTags".

It now makes little sense to define allowTags AND
den...
4da2551c
Name Last commit Last update
..