[TYPO3-dev] Re: typo3 6.2.16, security fix - Escape caption
Alex Tuveri
at at uniud.it
Tue Dec 22 10:45:56 CET 2015
Hi,
thank you for the answer. I had already understood that the problem was related to BE users who could inject evil code.
Ok, I found my personal solution, so I can limit some tags and attributes only for the home page, so that a normal editor cannot inject code into the other pages:
[treeLevel = 0]
tt_content.image.20.caption.1.1.htmlSpecialChars = 0
tt_content.image.20.caption.1.1.stdWrap {
  HTMLparser = 1
  HTMLparser {
    allowTags = h1,h2,p,span,br,a
    noAttrib = b, br, h1, h2, h3, i, li, ol, p, u, ul
    removeTags =
    tags.a.allowedAttribs = href,title,target,class
  }
}
[end]
I do not know if this can slow the rendering; however, it can be a possible solution!
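
An added check, not part of the original post and not TYPO3 code: it audits rendered caption HTML against the allow-list in the TypoScript above, so an administrator can confirm what actually reaches the page. The posted configuration gives no attribute rule for span and no constraint on href values; flagging span attributes and the list of acceptable link schemes are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Policy copied from the TypoScript in the post above.
ALLOW_TAGS = {"h1", "h2", "p", "span", "br", "a"}
NO_ATTRIB = {"b", "br", "h1", "h2", "h3", "i", "li", "ol", "p", "u", "ul"}
A_ATTRIBS = {"href", "title", "target", "class"}
# Assumption (not in the post): only these link schemes are acceptable.
SAFE_SCHEMES = {"", "http", "https", "mailto"}

def href_scheme(value):
    # Browsers drop tab/CR/LF and surrounding whitespace before reading the scheme.
    cleaned = "".join(c for c in (value or "") if c not in "\t\r\n").strip()
    try:
        return urlsplit(cleaned).scheme.lower()
    except ValueError:
        return "invalid"

class CaptionAudit(HTMLParser):
    """Collects (kind, tag, detail) findings for one rendered caption."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOW_TAGS:
            self.findings.append(("tag", tag, ""))
            return
        for name, value in attrs:
            if tag in NO_ATTRIB:
                self.findings.append(("attr", tag, name))
            elif tag == "a":
                if name not in A_ATTRIBS:
                    self.findings.append(("attr", tag, name))
                elif name == "href" and href_scheme(value) not in SAFE_SCHEMES:
                    self.findings.append(("scheme", tag, href_scheme(value)))
            else:
                # Allowed tag with no attribute rule in the posted config (span).
                self.findings.append(("unrestricted-attr", tag, name))

def audit(caption_html):
    parser = CaptionAudit()
    parser.feed(caption_html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    # Constructed sample caption, not from the post.
    print(audit('<p class="x"><a href="/home">ok</a> <span style="c">s</span></p>'))
```

An empty result means the caption stays within the posted allow-list and the assumed scheme list.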