[TYPO3-dev] config.baseURL, lt_basetag and security
Marc Wöhlken
woehlken at quadracom.de
Wed Sep 23 16:30:40 CEST 2009
Hello!
In earlier TYPO3 versions (< 4.0?) it was possible to use config.baseURL
= 1 to let TYPO3 determine the correct current base url.
AFAIK this feature had been disabled for security reasons (XSS?).
Yesterday I stumbled over an extension called lt_basetag which does
exactly what the above mentioned option did.
Is this of concern when thinking in terms of security? Could someone
possibly explain why the "old" approach was not safe?
Greetings
Marc
--
...........................................................
Marc Wöhlken TYPO3 certified intregator
Quadracom - Proffe & Wöhlken
Rembertistraße 32 WWW: http://www.quadracom.de
D-28203 Bremen E-Mail: woehlken at quadracom.de
______________ PGP-Key: http://pgp.quadracom.de
More information about the TYPO3-dev
mailing list