[TYPO3-core] RFC #15587: Bug: htmlspecialchars called twice

Susanne Moog typo3 at susannemoog.de
Fri Nov 5 19:52:22 CET 2010


On 30.10.2010 09:52, Mikkel Ricky wrote:
> This is an SVN patch request.
> 
> Type: Bugfix
> 
> Bugtracker references: http://bugs.typo3.org/view.php?id=15587
> 
> Branches: TYPO3_4-4 & trunk
> 
> Problem: urls to external css and javascript resources include via
> PAGE.includeCSS/includeJS are passed through htmlspecialchars twice
> 
> Solution:
> In "typo3/sysext/cms/tslib/class.tslib_pagegen.php" all htmlspecialchars
> calls are removed from arguments in method calls to
> 
> * t3lib_PageRenderer::addCssFile
> * t3lib_PageRenderer::addJsLibrary
> * t3lib_PageRenderer::addJsFooterLibrary
> * t3lib_PageRenderer::addJsFile
> * t3lib_PageRenderer::addJsFooterFile
> 
> In "t3lib/class.t3lib_pagerenderer.php" additional htmlspecialchars
> calls are added when rendering html output, i.e. *all* attribute values
> are sent through htmlspecialchars().

+1 by reading and testing (with the example path to a css from bug tracker)

Susanne

-- 
What's worth the price is always worth the fight
Every second counts 'cause there's no second try

TYPO3 Core Team Member


More information about the TYPO3-team-core mailing list