[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel
Helmut Hummel
helmut at typo3.org
Wed Nov 11 09:53:50 CET 2009
Hi,
Am 10.11.09 19:49, schrieb Oliver Klee:
>
> Steffen Kamper schrieb:
>> The escaping of& is optional, but done by default. So if you need this
>> with other doctype it's still possible.
>
> & need to be escaped in all versions of (X)HTML, even in HTML 3.2. So
> this doesn't need to be configurable. :-)
An URL does not have to be used in a (X)HTML context. It may be used as
a GET value (therefore has to be urlencoded) or as redirect URL (where
it must not be encoded at all).
Changing this in an API function, where the comment[1] clearly states,
that the user of this function needs to care about using
htmlspecialchars himself (if applicable) is wrong.
The only way to go is to introduce a parameter $useHtmlSpecialChars and
default it to FALSE. To fix the (X)HTML output, the function calls needs
to be adjusted where it is necessary.
See attached patch
Kind regards
Helmut
[1] "REMEMBER to always use htmlspecialchars() for content in
href-properties to get ampersands converted to entities ..."
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 12545_v3.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091111/c1f36940/attachment.txt>
More information about the TYPO3-team-core
mailing list