[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatible

Steffen Kamper info at sk-typo3.de
Tue Nov 10 21:34:12 CET 2009


Hi,

Martin Kutschker wrote:
> Steffen Kamper wrote:
>> Hi,
>>
>> the following patch will be committed after 48 hours if no one complains.
> 
> I do complain.
> 
> You add a new parameter, but don't add a phpDoc comment. The new parameter changes the behaviour of
> the function. Before your change it was the duty of the caller to use htmlspecialchars() on the
> result of the function. Now this is on by default.
> 
> And I suggest to use htmlspecialchars() and not a homebrew ampersand replacing for proper escaping.
> 

See my comment to Oliver - I remove the param.

And try yourself, htmlspecialchars isn't correct:

$a = 'index.php?id=4&c[bla]=derwahn&x=5&return=last';

preg_replace('/&(?!amp;)/', '&amp;', $a) != htmlspecialchars($a)

Best regards, Steffen
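
The two escaping strategies debated in this thread, compared side by side as an added example (not code from the TYPO3 patch or from either poster). The function names and all sample URLs are constructed for illustration; the fourth argument of htmlspecialchars() is its double_encode flag, available since PHP 5.2.3.

```php
<?php
// Added illustration, not TYPO3 code. All inputs below are constructed samples.

// Ampersand-only replacement as quoted in the mail (hypothetical wrapper name).
function escapeAmpersandsOnly(string $url): string
{
    return preg_replace('/&(?!amp;)/', '&amp;', $url);
}

// Full escaping for a quoted attribute value (hypothetical wrapper name).
// With $doubleEncode = false, entities already present are left untouched.
function escapeForAttribute(string $url, bool $doubleEncode = true): string
{
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', $doubleEncode);
}

// True when the string can sit inside a quoted XHTML attribute as-is:
// no raw quotes or angle brackets, and every "&" starts an entity reference.
function isAttributeSafe(string $s): bool
{
    $unsafe = '/["\'<>]|&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#[0-9]+|#x[0-9a-fA-F]+);)/';
    return !preg_match($unsafe, $s);
}

$samples = [
    'raw query string'      => 'index.php?id=4&c[bla]=derwahn&x=5&return=last',
    'already escaped'       => 'index.php?id=4&amp;x=5',
    'quote and angle chars' => 'index.php?id=4&q="a"<b>',
];

$strategies = [
    'ampersand-only regex'        => 'escapeAmpersandsOnly',
    'htmlspecialchars'            => function ($u) { return escapeForAttribute($u); },
    'htmlspecialchars, no double' => function ($u) { return escapeForAttribute($u, false); },
];

foreach ($samples as $label => $url) {
    echo "$label: $url\n";
    foreach ($strategies as $name => $escape) {
        $out = $escape($url);
        printf("  %-28s %-62s %s\n", $name, $out, isAttributeSafe($out) ? 'safe' : 'NOT safe');
    }
    echo "\n";
}
```

The ampersand-only variant leaves quotes and angle brackets unescaped, while plain htmlspecialchars() re-encodes an already escaped `&amp;`; which of the two matters depends on whether callers pass raw or pre-escaped URLs.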