[TYPO3-mvc] viewhelpers: stripHTML & removeXSS - what should be tested?
Sebastian KurfŸürst
sebastian at typo3.org
Fri May 22 17:49:02 CEST 2009
Hey Helmut,
> Well OK. I did not look at the whole validation stuff yet, but
> nevertheless I think, that the person who writes the templates should
> not cope with removeXSS, data should be escaped beforehand.
> Of course stripHTML would make sense, since it would be usefull to
> output the same data with or without HTML tags, depending on the usecase.
Actually this is a feature which entered Fluid (for v5) today, and will
be backported during the next days. Basically all Object Accessors get
postprocessed :-)
Greets,
Sebastian
More information about the TYPO3-project-typo3v4mvc
mailing list