[TYPO3-english] Question typoscript security
Jigal van Hemert
jigal.van.hemert at typo3.org
Thu Dec 24 13:28:26 CET 2015
Hi,
On 24/12/2015 11:46, Christoph Werner wrote:
> Hi all!
>
> I found two typoscript solutions for building canonical-Tags (seo
> stuff). Solution 1 can be used when having records (news, blogposts...)
> in action. When testing, both working like expected.
>
> My question: did I need some kind of escaping?! Expecially solution 1?
> How could escaping look like?
There are several extensions in TER that can do it for you.
If you want to do it with TS, why not let typolink create the absolute URL?
As far as encoding/escaping: in HTML4/XHTML it was necessary to turn "&"
characters into "&" inside an attribute value. For HTML5 this is
only needed if an entity name follows after the "&".
To be safe apply htmlSpecialChars to the entire URL before wrapping it
with the tag.
--
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-english
mailing list