[TYPO3-bugs] RFC: pi_openAtagHrefInJSwindow() applies htmlspecialchars() twice
Michael Stucki
michael at typo3.org
Tue Nov 7 10:53:27 CET 2006
Sorry, that was sent to the wrong list...
- michael
Am Dienstag, 7. November 2006 10:45 schrieb Michael Stucki:
> This is a SVN patch request.
>
> Problem:
> The input string for pi_openAtagHrefInJSwindow() needs to be an complete <a
> href="..."> element, so it is clear that this must have htmlspecialchars()
> applied. However, when sending out the resulting JavaScript link, the whole
> content is sent through htmlspecialchars() again.
>
> Solution:
> I have removed the htmlspecialchars() call around the full output string
> but added two new ones for $winName and $winParams only.
>
> Branches: TYPO3_4-0 and Trunk
>
> - michael
More information about the TYPO3-team-bugs
mailing list