[TYPO3-core] RFC: #8090: Menu creation has empty defaults which could lead to problems

Steffen Kamper steffen at sk-typo3.de
Thu Apr 17 10:46:41 CEST 2008


"Michael Stucki" <michael at typo3.org> wrote in message 
news:mailman.1.1208121287.8166.typo3-team-core at lists.netfielders.de...
> Ingo Renner wrote:
>
>> Martin Kutschker wrote:
>>
>>> Which in turn has to be entered by an editor. So it's probably on
>>> purpose.
>>
>> agreed, although of course one could have bad editors in the team.
>
> Exactly. I would even say this is a security problem to be possible. Any
> reasons to allow JavaScript code in a title? Otherwise I'm all for blocking
> it.
>
Hi Michael,

so you suggest a processing function that eliminates any <script> from 
strings?
May be a good idea to use it from different places.
Or using RemoveXSS? I'm still unhappy with this class as some issues aren't 
solved, I don't know who takes care of it

Regards, Steffen
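
Added example, not part of the original message and not TYPO3 core code: a comparison of the tag-stripping function proposed above with encoding the title at output time, run over constructed sample titles. The function names stripScriptTags and encodeForHtml are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not TYPO3 API.

// Approach from the thread: remove <script> elements from the string.
function stripScriptTags(string $title): string
{
    return preg_replace('#<script\b[^>]*>.*?</script\s*>#is', '', $title);
}

// Alternative: keep the stored title as entered and encode it
// at the point where it is written into the HTML of the menu.
function encodeForHtml(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Constructed sample page titles.
$titles = [
    'News & Events',                          // legitimate title with a special character
    'Home<script>alert(1)</script>',          // the case discussed in the thread
    'About <b onmouseover="alert(1)">us</b>', // script in an attribute, no <script> tag
];

foreach ($titles as $title) {
    printf(
        "raw:      %s\nstripped: %s\nencoded:  %s\n\n",
        $title,
        stripScriptTags($title),
        encodeForHtml($title)
    );
}
```

The stripped output still contains the onmouseover attribute and the unencoded ampersand, while the encoded output renders every title as plain text.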



