[TYPO3-core] RFC #11649: RemoveXSS corrupts HTML

Dmitry Dulepov dmitry.dulepov at gmail.com
Mon Dec 7 11:24:37 CET 2009


Hi!

This is an SVN patch request.

Type: bug

Branches: 4.2, 4.3, trunk

BT reference: http://bugs.typo3.org/view.php?id=11649

Problem: RemoveXSS corrupts HTML in certain cases. For example, `<div style="x:y">test</div>` becomes `<div st<x>="x:y">test</div>`.

Solution: change the default replacement string from `<x>` to `rmxss`. Then the HTML becomes `<div strmxss="x:y">test</div>`.

-- 
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 11649.diff
Type: application/pgp-keys
Size: 637 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091207/c897fe14/attachment.key>