[TYPO3-english] Page title with GPvar
Tobias Dörner
hermes1 at web.de
Fri Jul 16 11:37:48 CEST 2010
Thx Dimtry, Thx JoH,
@Dimtry
http://example.com/index.php?id=12345&tx_myextension_pi1[keyword]=takeAnothe
rKeyword :)
http://whatever.com/takeAnotherKeyword.html
Second version i have already had. also the first. it is actually on.
At the first version the in the extension integrated page browser had a
different url like the url itself was because of masking by cooluri. thats
why cooluri now is deactivated for this site and the first version is on.
But thats not the solution for the dynamically generated metas. Now i will
try JoHs example.
Thanks a lot for help.
Bye
Tobi
-----Ursprüngliche Nachricht-----
Von: typo3-english-bounces at lists.typo3.org
[mailto:typo3-english-bounces at lists.typo3.org] Im Auftrag von Dmitry Dulepov
Gesendet: Freitag, 16. Juli 2010 11:24
An: typo3-english at lists.typo3.org
Betreff: Re: [TYPO3-english] Page title with GPvar
Hi!
JoH asenau wrote:
> Not another but an improved version:
>
> headerData.5 = TEXT
> headerData.5 {
> data = GPvar:tx_myextension_pi1|keyword
> htmlSpecialChars = 1
> wrap = <title>|</title>
> }
What about calling the page as
http://example.com/index.php?id=12345&tx_myextension_pi1[keyword]=sex-pills-
http://whatever.com/sexpills.html
:D
What I want to say that it is never safe to display any data like that.
Technically JoH is right: no XSS but the idea is flawed.
I think the question was wrong
(http://dmitry-dulepov.com/article/asking-proper-questions.html). What
exactly was the purpose? What wants to be achieved with this?
--
Dmitry Dulepov
TYPO3 core&security teams member
Twitter: http://twitter.com/dmitryd
Read more @ http://dmitry-dulepov.com/
_______________________________________________
TYPO3-english mailing list
TYPO3-english at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
More information about the TYPO3-english
mailing list