[TYPO3-mvc] removeXSS view helper
Bastian Waidelich
bastian at typo3.org
Thu Apr 30 15:15:21 CEST 2009
Nathan Lenz wrote:
Hi Nathan,
> I see that the removeXSS helper needs to be coded
> (http://forge.typo3.org/wiki/typo3v4-mvc/ToDo_Fluid)
> How thorough should this be?
I'm not sure if we really need this view helper at all.
I think we should rename the parseFunc view helper to something like
html view helper and use that for outputting HTML:
<f:html>{article.description}</f:html>
or
<f:html parseFuncTSPath="lib.myParseFunc">{article.description}</f:html>
removeXSS always feels a bit "hacky" to me and TYPO3 does a pretty good
job in rendering HTML ;)
What do you think?
Bastian