[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Nov 11 11:36:14 CET 2009
Steffen Kamper schrieb:
> Hi,
>
> here's final.
-1 again.
It was already stated and this is the common praxis: Don't escape
ampersant throughout the code, but only when really a HTML tag is build.
Following this rule will never get "double encoded" ampersand.
The $script might be used in the javascript context (inside a CDATA) or
for a redirect, where it shouldn't be escaped.
Fix the callers of this function instead, which place this unescaped in
a "href=" html tag, calling a htmlspecialchars around it.
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list