[TYPO3-core] RFC:8574 Do not use htmlspecialchars for CSH description

Steffen Kamper steffen at sk-typo3.de
Sun Jun 1 21:42:19 CEST 2008


"Benjamin Mack" <benni at typo3.org> wrote in message 
news:mailman.1.1212348251.19381.typo3-team-core at lists.netfielders.de...
> Hey Uschi,
>
> patch looks good, one question I have to everybody: Since we HSC 
> everything because of possible injections, is it ok to remove the HSC at 
> that point?
>
> If somebody else can give me the answer, +1 from my side!
>
> -- 

Hi,

I thought about that, and sure, a user module can use this function as well.
OK, maybe there is no offense from a user module; I thought about the tags 
used.
As this happens in a span, there is the possibility to use tags that are not 
allowed here, so maybe it is better to replace "some" tags and hsc the rest.

Regards, Steffen
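
The approach suggested in the message above (let "some" tags through and hsc the rest), as an added PHP example that is not part of the original post and is not TYPO3 core code. The function name, the tag allow-list and the sample labels are assumptions made for illustration.

```php
<?php
// Added example, not TYPO3 core code.
// Assumption: attribute-less inline tags that are valid inside a <span>.
const CSH_ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u', 'br'];

/**
 * Escape a CSH description completely, then re-enable only bare
 * allow-listed tags. Hypothetical helper name.
 */
function cshDescriptionToHtml(string $description): string
{
    // Step 1: hsc everything, so no markup from the label survives as-is.
    $escaped = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: restore only escaped tags of the exact form <tag>, </tag>
    // or <tag />. A tag that carries attributes (onclick=, style=, href=)
    // does not match the pattern and therefore stays escaped.
    $pattern = '~&lt;(/?)(' . implode('|', CSH_ALLOWED_TAGS) . ')\s*(/?)&gt;~i';

    $result = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            $name = strtolower($m[2]);
            if ($m[1] === '/') {
                return '</' . $name . '>';      // closing tag
            }
            return $m[3] === '/'
                ? '<' . $name . ' />'           // self-closing, e.g. <br />
                : '<' . $name . '>';            // opening tag
        },
        $escaped
    );

    // Fail closed: on a regex error return the fully escaped string.
    return $result ?? $escaped;
}

// Constructed sample labels, not taken from any real locallang file.
$samples = [
    'Use <b>bold</b> and <em>emphasis</em>.<br />Second line.',
    '<div><script>alert(1)</script></div>',
    '<b onclick="x()">attribute on an allowed tag</b> & "quotes"',
];
foreach ($samples as $label) {
    echo cshDescriptionToHtml($label), PHP_EOL;
}
```

Only the first sample keeps working markup; the block-level and script tags in the second and the attribute-carrying `<b>` in the third come out as escaped text.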




