[TYPO3-core] RFC:8574 Do not use htmlspecialchars for CSH description
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Sun Jun 1 22:24:49 CEST 2008
Benjamin Mack schrieb:
> Sounds like a very good approach: basically HSC all and then reHSC
> spans, b, i, em, strong, br whatever...
Arg, no. No magic. Either we hsc or we don't. If we fear that some
attacker might launch an attack via a spoofed locallang file then we
should define some BB code like stuff to allow for markup. I'm no fan of
allowed tag lists.
Masi
More information about the TYPO3-team-core
mailing list