[TYPO3-dev] includeCSS and htmlspecialchars: bug?

Jigal van Hemert jigal at xs4all.nl
Sat Mar 6 07:44:26 CET 2010 

Hi,

bernd wilke wrote:
> 	includeCSS {
> 		varcss = fileadmin/css/csscalc.php?col1=ff0000&col2=0000ff
> 		varcss.external = 1	
> 
> the resulting HTML was:
> <link rel="stylesheet" type="text/css" href="fileadmin/css/csscalc.php?
> col1=ff0000&amp;col2=0000ff" media="screen" />

This would have been correct according to the standard [1], but when I 
tried it with TYPO3 4.4-dev it produced:

<link rel="stylesheet" type="text/css" 
href="fileadmin/testcss.php?col1=ff3300&amp;amp;col2=abcdef" 
media="screen" />

And indeed a var_dump($_GET) in this script produced:

array(2) { ["col1"]=>  string(6) "ff3300" ["amp;col2"]=>  string(6) 
"abcdef" }

> looking in the source of V4.3.2 I found in class.tslib_pagegen.php at 
> line 546 the functioncall  htmlspecialchars() which changes the '&' into 
> '&amp;'

Somehow it's called elsewhere too, which explains the 
double-htmlspecialchars-output.

Please file a bug report, so it can be fixed in newer releases.

[1] http://www.w3.org/TR/xhtml1/guidelines.html#C_12

-- 
Jigal van Hemert.

More information about the TYPO3-dev mailing list