[TYPO3-core] RFC:8574 Do not use htmlspecialchars for CSH description
Benjamin Mack
benni at typo3.org
Sun Jun 1 21:50:29 CEST 2008
Sounds like a very good approach: basically HSC all and then reHSC
spans, b, i, em, strong, br whatever...
Steffen Kamper wrote:
> "Benjamin Mack" <benni at typo3.org> wrote in message
> news:mailman.1.1212348251.19381.typo3-team-core at lists.netfielders.de...
>> Hey Uschi,
>>
>> patch looks good, one question I have to everybody: Since we HSC
>> everything because of possible injections, is it ok to remove the HSC at
>> that point?
>>
>> If somebody else can give me the answer, +1 from my side!
>>
>> --
>
> hi,
>
> I thought about that, and sure, a user module can use this function as well.
> OK, maybe there is no offense from a user module, I thought about the used
> tags.
> As this happens in a span there is the possibility to use not allowed tags
> here, so maybe it is better to replace "some" tags and hsc the rest.
>
> Regards, Steffen
>
>
>
--
greetings,
benni.
-SDG-
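
The approach discussed in this thread (escape everything with htmlspecialchars, then restore a fixed set of formatting tags), sketched in PHP as an added example. It is not the RFC's patch or TYPO3 core code; the function name `cshEscapeWithAllowedTags`, the constant `CSH_ALLOWED_TAGS` and the sample description are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow list (not from TYPO3 core): the tags named in the thread.
const CSH_ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'span', 'br'];

// Hypothetical helper: escape the whole description, then restore only bare,
// attribute-free forms of the allowed tags.
function cshEscapeWithAllowedTags(string $description): string
{
    // Step 1: escape everything, so nothing in the label survives as markup.
    // Entities already present are double-encoded, so a literal "&lt;b&gt;"
    // in the label text is never turned into a real tag by step 2.
    $escaped = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: match only "&lt;tag&gt;", "&lt;/tag&gt;" and "&lt;br /&gt;".
    // Anything carrying attributes (onclick, style, href) does not match
    // and therefore stays escaped.
    $names = implode('|', array_map('preg_quote', CSH_ALLOWED_TAGS));
    $pattern = '~&lt;(/?)(' . $names . ')(\s*/)?&gt;~i';

    $restored = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            $tag = strtolower($m[2]);
            $selfClosing = ($m[3] ?? '') !== '';
            if ($tag === 'br') {
                // A closing "</br>" is not valid markup; leave it escaped.
                return $m[1] === '' ? '<br />' : $m[0];
            }
            // Self-closing syntax is only accepted for <br>.
            return $selfClosing ? $m[0] : '<' . $m[1] . $tag . '>';
        },
        $escaped
    );

    // Fail closed: on a PCRE error return the fully escaped string.
    return $restored ?? $escaped;
}

// Constructed sample input, not taken from a real CSH label file.
$sample = 'Use <b>bold</b> or <em>emphasis</em>.<br>'
    . '<span onclick="alert(1)">hover</span> <script>alert(2)</script>';

echo cshEscapeWithAllowedTags($sample), PHP_EOL;
```

The helper does not balance tags, so an unclosed `<b>` in a label can still affect the formatting of the surrounding span, although it cannot introduce script or attributes.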