[TYPO3-dev] t3lib_div::removeXSS() slowing down output

Marcus Krause marcus#exp2008 at t3sec.info
Sat Sep 27 14:07:35 CEST 2008


Jigal van Hemert schrieb am 27.09.2008 01:14 Uhr:
> When air_filemanager (a FE interface for DAM files) displays a list
> of files in a directory it initialises an object for each file. This 
> initialisation includes calling removeXSS() (a local copy of the 
> function is used for some reason) 

Well, a local copy of removeXSS() is used to provide this functionality
for TYPO3 versions prior to 4.2!


> [...] 
> Is meta data filtered when you enter DAM meta information the T3
> backend? If that is the case, isn't it enough to filter data
> when you upload new file data in the frontend?

I guess it's not sanitized when entering meta data in the BE. Nevertheless,
meta data finds its way into the database not only by an author filling form
fields in the BE.
Think of
* automatically processing images and their meta data
* uploads from the frontend
* etc.

Therefore sanitizing is needed every time when displaying records.

Maybe some way of caching could help.


As you've been working on removeXSS(), I'd like to point you to bug
#8978 [1]. I guess nobody would object when removeXSS() gets improved.
;-)


Regards,
Marcus.


[1] http://bugs.typo3.org/view.php?id=8978


-- 
Member TYPO3 Security Team

Jabber: mkrau at jabber.tu-clausthal.de
Skype:  magkes
Phone:  +49-511-XXXXXXX
Mobile: +49-176-XXXXXXXX
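The caching idea raised above, as an added example (not code from this thread, from air_filemanager, or from TYPO3 core): a small per-request memoiser around an output sanitiser. Because removeXSS() is a pure function of its input, the same field value can be filtered once and served from a cache for every further file object in the listing. The sanitiser is injected as a callable; on TYPO3 4.2 or later that would be `array('t3lib_div', 'removeXSS')` (assumed to be a static string-to-string method), while the stand-in used here so the file runs on its own is PHP's built-in `strip_tags`, which is not a substitute for removeXSS(). The class name `CachedOutputFilter` and the sample records are constructed for this example.

```php
<?php
// Added example: memoise an expensive output sanitiser so that displaying
// a list of DAM files does not re-run the filter for every identical value.
// The filter itself is injected; see the lead-in for what is assumed.

class CachedOutputFilter
{
    /** @var callable  string -> string, e.g. array('t3lib_div', 'removeXSS') (assumed) */
    private $filter;
    /** @var array<string,string>  sanitised results keyed by hash of the raw input */
    private $cache = array();
    /** @var int  upper bound on cached entries so a huge listing cannot exhaust memory */
    private $maxEntries;
    public $hits = 0;
    public $misses = 0;

    public function __construct($filter, $maxEntries = 5000)
    {
        if (!is_callable($filter)) {
            throw new InvalidArgumentException('filter must be callable');
        }
        $this->filter = $filter;
        $this->maxEntries = (int) $maxEntries;
    }

    /**
     * Return the sanitised form of $value, running the filter only on a cache miss.
     * Sanitising still happens on the output side for every record, regardless of
     * whether the value came from the BE form, a FE upload or automatic processing;
     * only the repeated work is avoided.
     */
    public function clean($value)
    {
        $value = (string) $value;
        // Hash the raw value rather than using it as the array key directly:
        // meta data fields (descriptions, captions) can be long.
        $key = sha1($value);
        if (isset($this->cache[$key])) {
            $this->hits++;
            return $this->cache[$key];
        }
        $this->misses++;
        $clean = call_user_func($this->filter, $value);
        if (count($this->cache) >= $this->maxEntries) {
            // Simple bound: evict the oldest entry (insertion order), not a full LRU.
            reset($this->cache);
            unset($this->cache[key($this->cache)]);
        }
        $this->cache[$key] = $clean;
        return $clean;
    }
}

// Stand-in sanitiser so this file runs without TYPO3. Replace with
// array('t3lib_div', 'removeXSS') (assumed signature) on a real installation.
$filter = new CachedOutputFilter('strip_tags');

// Constructed sample records: many files share the same category/copyright text,
// which is exactly the case where memoisation pays off.
$records = array(
    array('title' => 'beach.jpg',  'copyright' => '<b>(c) 2008 Example Corp</b>', 'category' => 'Holiday'),
    array('title' => 'sunset.jpg', 'copyright' => '<b>(c) 2008 Example Corp</b>', 'category' => 'Holiday'),
    array('title' => 'logo.png',   'copyright' => '<b>(c) 2008 Example Corp</b>', 'category' => 'Corporate'),
);

foreach ($records as $row) {
    $out = array();
    foreach (array('title', 'copyright', 'category') as $field) {
        $out[$field] = $filter->clean($row[$field]);
    }
    echo implode(' | ', $out), "\n";
}
// 9 field values, 5 distinct: expect 5 misses and 4 hits.
echo 'misses=', $filter->misses, ' hits=', $filter->hits, "\n";
```

This cache lives only for one request; if the results were persisted across requests (for instance in TYPO3's cache tables), the key should also include the version of the filter, so that an improved removeXSS() (such as a fix for the bug referenced above) is not masked by stale cached output.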



