[TYPO3-dev] t3lib_div::removeXSS() slowing down output
Jigal van Hemert
jigal at xs4all.nl
Sat Sep 27 01:14:13 CEST 2008
When air_filemanager (a FE interface for DAM files) displays a list of
files in a directory it initialises an object for each file. This
initialisation includes calling removeXSS() (a local copy of the
function is used for some reason) for each field in the DAM meta data of
that file. This results in a processing time of around 0.25 second per
file! With 80+ files in a directory a page takes 20-30 second to be
generated...
One of the things I noticed is that t3lib_div::removeXSS() is very
inefficient in detecting and replacing potential threads.
Another thing is that I wonder whether it should be called for every
field of meta data while creating the output for a list of files?
Is meta data filtered when you enter DAM meta information the T3
backend? If that is the case, isn't it enough to filter data when you
upload new file data in the frontend?
--
Jigal van Hemert.
More information about the TYPO3-dev
mailing list