[TYPO3-core] RFC:8574 Do not use htmlspecialchars for CSH description
Ingo Renner
ingo at typo3.org
Mon Jun 2 14:33:29 CEST 2008
Benjamin Mack wrote:
> patch looks good, one question I have to everybody: Since we HSC
> everything because of possible injections, is it ok to remove the HSC at
> that point?
I guess that it is quite safe here as the strings come from a trusted
source (the internal help). However, stripping everything except <style>,
<bold> and other visual markup shouldn't hurt.
Ingo
--
Ingo Renner
TYPO3 Core Developer, Release Manager TYPO3 4.2
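
The allowlist approach suggested above, as an added example that is not part of the original mail or of TYPO3 core: PHP's `strip_tags()` with an allowed-tags argument keeps every attribute on the tags it lets through (including `onmouseover` and `style`), so this sketch re-emits allowed tags bare and escapes all text. The function name, the constant and the tag list are assumptions chosen for illustration.

```php
<?php
// Added example, not TYPO3 code. The allowlist below is an assumption.
const CSH_ALLOWED_TAGS = ['b', 'strong', 'i', 'em', 'u', 'br', 'p', 'ul', 'ol', 'li'];

/**
 * Keep only purely visual tags from a help description, without attributes.
 * The output can contain nothing but "<tag>", "</tag>" and escaped text.
 */
function sanitizeCshDescription(string $html): string
{
    // Split into tag-like chunks ("<...>") and the text between them.
    $parts = preg_split(
        '/(<[^>]*>)/',
        $html,
        -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY
    );

    $out = '';
    foreach ($parts as $part) {
        $isTagLike = $part[0] === '<' && substr($part, -1) === '>';
        if ($isTagLike) {
            // Allowed tag: re-emit only the name, dropping every attribute.
            if (preg_match('/^<(\/?)([a-z][a-z0-9]*)\b[^>]*>$/i', $part, $m)
                && in_array(strtolower($m[2]), CSH_ALLOWED_TAGS, true)
            ) {
                $out .= '<' . $m[1] . strtolower($m[2]) . '>';
            }
            // Any other tag, comment or declaration is dropped.
            continue;
        }
        // Text (including a stray "<" with no closing ">") is escaped;
        // double_encode=false keeps existing entities such as &amp; intact.
        $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8', false);
    }
    return $out;
}

// Constructed sample input, not taken from any real help file.
$sample = 'Use <b onmouseover="alert(1)">bold</b> &amp; <i>italic</i>.'
    . '<script>alert(2)</script><img src=x onerror=alert(3)> 1 < 2';

echo sanitizeCshDescription($sample), PHP_EOL;
```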