[TYPO3-core] FYI48: #12545: t3lib_div::linkThisScript isn't xhtml compatibel
Steffen Kamper
info at sk-typo3.de
Wed Nov 11 11:55:04 CET 2009
Hi,
Ernesto Baschny [cron IT] schrieb:
> Steffen Kamper schrieb:
>> Hi,
>>
>> here's final.
>
> -1 again.
>
> It was already stated and this is the common praxis: Don't escape
> ampersant throughout the code, but only when really a HTML tag is build.
> Following this rule will never get "double encoded" ampersand.
>
> The $script might be used in the javascript context (inside a CDATA) or
> for a redirect, where it shouldn't be escaped.
>
> Fix the callers of this function instead, which place this unescaped in
> a "href=" html tag, calling a htmlspecialchars around it.
>
please look to the patch - i didn't replaced any ampersand, i only added
htmlspecialchars to the result.
The replace (was there before) only replaces first ampersand with ?. HSC
is done afterwards.
This is really hard to get the BE clean ...
vg Steffen
More information about the TYPO3-team-core
mailing list