[TYPO3-core] RFC: #15812: Add backend maintenance for login news
François Suter
fsu-lists at cobweb.ch
Thu Oct 7 20:44:09 CEST 2010
Hi Helmut,
Thanks for the detailed answer.
> To RemoveXSS:
>
> Now I can elaborate a bit more since the security fix for it is out now.
>
> Why I don't like RemoveXSS:
Great to have your detailed opinion on this topic.
> What we really need is HTML Purifier[1], which uses a whitelist
> approach, always returns cleaned up and valid! HTML as a result and is
> an open source project which is actively developed. I have it on my list
> to get it into 4.5, but had no time to do it until now.
Looks very interesting.
> I hope I made my points a bit clearer now.
Perfectly clear, to me at least. Thanks again. Nothing beats
communication ;-)
Cheers
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-team-core
mailing list