[TYPO3-core] RFC: #15812: Add backend maintenance for login news
Sebastian Michaelsen
sebastian.gebhard at gmail.com
Mon Oct 4 13:04:28 CEST 2010
Am 04.10.2010 12:54, schrieb Steffen Kamper:
>> Additionally my extension oneclicklogin (maybe known from the latest TYPO3 Podcast) will not work
>> anymore.
>> In my eyes this is not an improvement at all.
>>
>
> please consider why it breaks.
It breaks because it depends on HTML in Login News. It produces a login news entry with links you
can click to log yourself in.
I think if you used RemoveXSS instead of denying HTML completely, it would still break (because it
uses the onclick attribute) but I think I would be able to fix this in my ext and make it
RemoveXSS-proof.
I read the discussion but I could not really understand why RemoveXSS was not used. Did I miss
something?
More information about the TYPO3-team-core
mailing list