[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatible

Steffen Kamper info at sk-typo3.de
Wed Nov 11 11:55:04 CET 2009


Hi,

Ernesto Baschny [cron IT] wrote:
> Steffen Kamper wrote:
>> Hi,
>>
>> here's final.
> 
> -1 again.
> 
> It was already stated and this is the common practice: Don't escape
> ampersands throughout the code, but only when an HTML tag is really built.
> Following this rule will never get "double encoded" ampersands.
> 
> The $script might be used in the javascript context (inside a CDATA) or
> for a redirect, where it shouldn't be escaped.
> 
> Fix the callers of this function instead, which place this unescaped in
> a "href=" html tag, calling a htmlspecialchars around it.
> 

Please look at the patch - I didn't replace any ampersand, I only added
htmlspecialchars to the result.
The replace (was there before) only replaces the first ampersand with ?. HSC
is done afterwards.

This is really hard to get the BE clean ...

Regards, Steffen
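
The double-encoding concern discussed in this thread, as an added example that is not part of the original message or of TYPO3's code. `buildScriptUrl()` and `buildScriptUrlEscaped()` are hypothetical stand-ins for a URL-building helper, and the parameter values are constructed.

```php
<?php
// Hypothetical helper (assumption): returns a RAW URL, '&' left unescaped.
function buildScriptUrl(string $script, array $params): string
{
    return $script . '?' . http_build_query($params, '', '&');
}

// Hypothetical variant that applies htmlspecialchars() to its own result.
function buildScriptUrlEscaped(string $script, array $params): string
{
    return htmlspecialchars(buildScriptUrl($script, $params));
}

$params = ['id' => 12, 'edit' => 1]; // constructed sample values

$raw = buildScriptUrl('index.php', $params);
$pre = buildScriptUrlEscaped('index.php', $params);

// HTML attribute context: escape exactly once, where the tag is built.
echo '<a href="' . htmlspecialchars($raw) . '">edit</a>', PHP_EOL;

// A caller that follows the same rule with the pre-escaped value
// encodes the ampersand twice, so the link target is corrupted.
echo '<a href="' . htmlspecialchars($pre) . '">edit</a>', PHP_EOL;

// Redirect context: a header value is not HTML and needs the raw URL.
// The pre-escaped value would send the entity text to the client.
echo 'Location: ' . $raw, PHP_EOL;
echo 'Location: ' . $pre, PHP_EOL;

// JavaScript context (inside CDATA): encode as a JS string literal,
// not as HTML. json_encode() with the HEX flags covers this context.
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
echo '<script type="text/javascript">/*<![CDATA[*/', PHP_EOL;
echo 'var target = ' . json_encode($raw, $jsFlags) . ';', PHP_EOL;
echo '/*]]>*/</script>', PHP_EOL;

// Check for the double-encoding symptom in generated markup.
function hasDoubleEncodedAmp(string $html): bool
{
    return strpos($html, '&amp;amp;') !== false;
}

var_dump(hasDoubleEncodedAmp(htmlspecialchars($raw))); // escaped once
var_dump(hasDoubleEncodedAmp(htmlspecialchars($pre))); // escaped twice
```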

