[TYPO3-core] RFC:8574 Do not use htmlspecialchars for CSH description
Steffen Kamper
steffen at sk-typo3.de
Sun Jun 1 22:36:12 CEST 2008
"Martin Kutschker" <martin.kutschker-n0spam at no5pam-blackbox.net> wrote in news post
news:mailman.1.1212351886.2077.typo3-team-core at lists.netfielders.de...
> Benjamin Mack wrote:
>> Sounds like a very good approach: basically HSC all and then reHSC spans,
>> b, i, em, strong, br whatever...
>
> Arg, no. No magic. Either we hsc or we don't. If we fear that some
> attacker might launch an attack via a spoofed locallang file then we
> should define some BB code like stuff to allow for markup. I'm no fan of
> allowed tag lists.
>
> Masi
Hi Masi,
I understand you, and I'm also not a fan of such lists.
But for inline help we can only allow "inline elements" to be valid.
This implies a list of allowed elements.
As these texts are coming from XML, I would prefer simple BB code.
Best regards, Steffen
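
One way the BB-code approach discussed in this thread could look, as an added PHP example that is not TYPO3 core code and not code from any poster: the whole description is passed through htmlspecialchars first, then a fixed set of attribute-less markers is mapped to inline elements. The function name `renderCshDescription`, the marker set ([b], [i], [em], [strong], [br]) and the sample label are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a TYPO3 API): render a CSH description that may
// contain a small BB-code vocabulary for inline markup.
function renderCshDescription(string $text): string
{
    // 1. Escape everything first, so any HTML in the label source is inert.
    $html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Map attribute-less BB-code pairs to inline elements. Only a complete
    //    pair [x]...[/x] with the same name matches, so unbalanced or
    //    mis-nested markers stay behind as harmless literal text.
    $inline = ['b' => 'b', 'i' => 'i', 'em' => 'em', 'strong' => 'strong'];
    $pattern = '/\[(' . implode('|', array_keys($inline)) . ')\](.*?)\[\/\1\]/s';

    // Repeat until no pair is left, so nested pairs such as
    // [b][i]x[/i][/b] are converted from the outside in.
    do {
        $result = preg_replace_callback(
            $pattern,
            static fn(array $m): string =>
                '<' . $inline[$m[1]] . '>' . $m[2] . '</' . $inline[$m[1]] . '>',
            $html,
            -1,
            $count
        );
        if ($result === null) {
            // Regex engine error: fall back to the fully escaped text.
            return $html;
        }
        $html = $result;
    } while ($count > 0);

    // 3. [br] is the only marker without a closing counterpart.
    return str_replace('[br]', '<br />', $html);
}

// Constructed sample label: allowed markers, raw HTML that a spoofed
// locallang file might carry, and one unclosed marker.
$sample = 'Use [b]bold[/b] and [em]emphasis[/em].[br]'
    . '<script>alert(1)</script> [b]unclosed';

echo renderCshDescription($sample), PHP_EOL;
```

Because the markers carry no attributes and the text between them has already been escaped, the only HTML that reaches the browser is the fixed set of elements produced in steps 2 and 3.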