[TYPO3-english] Page title with GPvar
Dmitry Dulepov
dmitry at typo3.org
Fri Jul 16 11:23:55 CEST 2010
Hi!
JoH asenau wrote:
> Not another but an improved version:
>
> headerData.5 = TEXT
> headerData.5 {
> data = GPvar:tx_myextension_pi1|keyword
> htmlSpecialChars = 1
> wrap = <title>|</title>
> }
What about calling the page as
http://example.com/index.php?id=12345&tx_myextension_pi1[keyword]=sex-pills-http://whatever.com/sexpills.html
:D
What I want to say that it is never safe to display any data like that.
Technically JoH is right: no XSS but the idea is flawed.
I think the question was wrong
(http://dmitry-dulepov.com/article/asking-proper-questions.html). What
exactly was the purpose? What wants to be achieved with this?
--
Dmitry Dulepov
TYPO3 core&security teams member
Twitter: http://twitter.com/dmitryd
Read more @ http://dmitry-dulepov.com/
More information about the TYPO3-english
mailing list