[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel
Steffen Kamper
info at sk-typo3.de
Tue Nov 10 21:34:12 CET 2009
Hi,
Martin Kutschker wrote:
> Steffen Kamper wrote:
>> Hi,
>>
>> The following patch will be committed after 48 hours if no one complains.
>
> I do complain.
>
> You add a new parameter, but don't add a phpDoc comment. The new parameter changes the behaviour of
> the function. Before your change it was the duty of the caller to use htmlspecialchars() on the
> result of the function. Now this is on by default.
>
> And I suggest to use htmlspecialchars() and not a homebrew ampersand replacing for proper escaping.
>
See my comment to Oliver - I remove the param.
And try yourself, htmlspecialchars isn't correct:
$a = 'index.php?id=4&c[bla]=derwahn&x=5&return=last';
preg_replace('/&(?!amp;)/', '&amp;', $a) != htmlspecialchars($a)
Regards, Steffen
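
Added example (not part of the message above or of the TYPO3 patch): a PHP comparison of the ampersand-only replacement discussed in this thread with htmlspecialchars(), run over constructed sample URLs. The function names escapeAmpersandsOnly and escapeForAttribute are hypothetical, and the replacement string '&amp;' is an assumption inferred from the regex's lookahead.

```php
<?php
// Added illustration; the sample URLs are constructed, not taken from TYPO3.

// Ampersand-only replacement as discussed in the thread: escape every "&"
// that is not already the start of "&amp;".
function escapeAmpersandsOnly(string $url): string
{
    return preg_replace('/&(?!amp;)/', '&amp;', $url);
}

// Full escaping for an HTML attribute value. With $doubleEncode = false,
// entities already present in the input are left as they are.
function escapeForAttribute(string $url, bool $doubleEncode = true): string
{
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', $doubleEncode);
}

$samples = [
    'raw query'       => 'index.php?id=4&c[bla]=derwahn&x=5&return=last',
    'already escaped' => 'index.php?id=4&amp;x=5',
    'markup in value' => 'index.php?id=4&title="a"<b>',
];

foreach ($samples as $label => $url) {
    printf("%s\n", $label);
    printf("  input:            %s\n", $url);
    printf("  ampersand-only:   %s\n", escapeAmpersandsOnly($url));
    printf("  htmlspecialchars: %s\n", escapeForAttribute($url));
    printf("  no double encode: %s\n\n", escapeForAttribute($url, false));
}
```

All three variants agree on the first sample. They diverge on the second, where htmlspecialchars() by default turns an existing `&amp;` into `&amp;amp;`, and on the third, where the ampersand-only replacement leaves quotes and angle brackets unescaped.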