[TYPO3-core] RFC: pi_openAtagHrefInJSwindow() applies htmlspecialchars() twice

Michael Stucki michael at typo3.org
Thu Nov 9 11:02:50 CET 2006


Hi Ernesto & Martin,

> So clearly the second one is not XHTML-conform.

I see. You expect that someone has worked around the bug. Maybe.

> So I would propose to change it only in TRUNK and have that notice added
> in the release notes so that plugin writers can check if their extension
> is affected and change it accordingly. Or do the "TYPO3-way", which
> would be to add a $hsc parameter to the function, where the caller can
> decide if he wants to pass the URL again through hsc or not (defaulting
> to "true" for backwards compatibility reasons).

I think it's ok to fix the bug in Trunk and mention it in the release notes
accordingly. No need for $hsc etc.

> And while changing that, we could also change the "#" to the called URL,
> which would add a bit more accessibility to this call (so browsers
> without active JavaScript would still be able to follow the link).

Will do that. New patch follows after 4.0.3...

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/



More information about the TYPO3-team-core mailing list