[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel
Ingmar Schlecht
ingmar at typo3.org
Wed Nov 11 11:07:28 CET 2009
Hi,
Martin Kutschker schrieb:
> JoH asenau schrieb:
>>>> And try yourself, htmlspecialchars isn't correct:
>>>>
>>>> $a = 'index.php?id=4&c[bla]=derwahn&x=5&return=last';
>>> Where does that string come from? Is the return=last just an example?
>>>
>>> Anyway a string is either encoded or not. Your example has "mixed
>>> content" and is therefore invalid.
>> No it isn't ...
>> .... well actually the string is, but the mixed content is not.
>> In many places strings are collected from different sources which might not
>> be controlled by the core before they are used to create the URL, but still
>> the core has to make sure that the output IS valid.
>
> I disagree. "mist rein, mist raus" (crap in, crap) as the saying goes.
>
> The BE has no obligation whatsoever to cope with broken input.
I agree with you, Masi. Either a function gets encoded stuff or it gets
not-encoded stuff. If it gets something mixed, than something is wrong
elsewhere and it should be corrected there.
cheers
Ingmar
More information about the TYPO3-team-core
mailing list