[TYPO3-core] RFC #11649: RemoveXSS corrupts HTML

Dmitry Dulepov dmitry.dulepov at gmail.com
Mon Dec 7 11:24:37 CET 2009


This is SVN patch request.

Type: bug

Branches: 4.2, 4.3, trunk

BT reference:  http://bugs.typo3.org/view.php?id=11649

Problem: RemoveXSS corrupts HTML in certain cases. For example, `<div style="x:y">test</div>` becomes `<div st<x>="x:y">test</div>`.

Solution: change default replacement string from <x> to rmxss. Than HTML becomes`<div strmxss="x:y">test</div>`

Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 11649.diff
Type: application/pgp-keys
Size: 637 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091207/c897fe14/attachment.key>

More information about the TYPO3-team-core mailing list