Benni Mack authored
Since HTML Sanitizer was introduced, lib.parseFunc does
"transformations", instead of ensuring that HTML is
"safe", which wasn't possible anyways (that was one
of the reasons why htmlSanitize was introduced).

A quick explanation of the existing functionality
of allowTags and denyTags:

* If parseFunc stumbles across a tag, which is NOT
  a typotag (tags.a for example), and NOT an external
  block, it will be checked if it is in "allowTags"
  or NOT in "denyTags", then it gets rendered, otherwise
  the tag including its contents is htmlspecialchar'ed.

The tags are thus NOT removed, but instead hsced.

In order to simplify the process, allowTags and denyTags
can now be omitted, with the following result:

If allowTags = a,b,em... ONLY these tags are allowed,
and denyTags does not matter anymore already.

allowTags can now be set to "*", thus denyTags can be
used to mark explicitly use "denyTags".

It now makes little sense to define allowTags AND
den...
4da2551c