[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel

Martin Kutschker masi-no at spam-typo3.org
Wed Nov 11 09:37:31 CET 2009


JoH asenau wrote:
>>> And try yourself, htmlspecialchars isn't correct:
>>>
>>> $a = 'index.php?id=4&c[bla]=derwahn&x=5&return=last';
>> Where does that string come from? Is the return=last just an example?
>>
>> Anyway a string is either encoded or not. Your example has "mixed
>> content" and is therefore invalid.
> 
> No it isn't ...
> .... well actually the string is, but the mixed content is not.
> In many places strings are collected from different sources which might not
> be controlled by the core before they are used to create the URL, but still
> the core has to make sure that the output IS valid.

I disagree. "Mist rein, Mist raus" (crap in, crap out), as the saying goes.

The BE has no obligation whatsoever to cope with broken input.

Masi

