[Flow] Fluid escaping interceptor not called when rendering view helpers with shorthand syntax
Chris Wolff - AERTiCKET AG
cwolff at aer.de
Tue Jul 1 12:31:33 CEST 2014
Hi Helmut,
i would expect both syntaxes to return the same result!
I would rather see an escape Attribute for the viewHelper. To specify the escaping to be used.
Regards chris
-----Ursprüngliche Nachricht-----
Von: flow-bounces at lists.typo3.org [mailto:flow-bounces at lists.typo3.org] Im Auftrag von Helmut Hummel
Gesendet: Dienstag, 1. Juli 2014 12:20
An: flow at lists.typo3.org
Betreff: [Flow] Fluid escaping interceptor not called when rendering view helpers with shorthand syntax
Hey!
I recently stumbled over this:
{f:uri.action(action: 'list', arguments: {a:'b'})} <f:uri.action action="list" arguments ="{a:'b'}" />
both produce the same result where & is not html escaped.
While I would understand this to be the case for the regular syntax, I would expect that Fluid calls the escaping interceptor when using the shorthand syntax.
Currently it is necessary to always wrap the uri vh with a format.htmlentities vh which is kind of ugly ;)
Am I missing something here?
Kind regards,
Helmut
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
_______________________________________________
Flow mailing list
Flow at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
More information about the Flow
mailing list