[TYPO3-core] RFC #15635: Bug: XHTML validity of backend when sys_action is loaded

Ernesto Baschny [cron IT] ernst at cron-it.de
Fri Sep 3 19:53:47 CEST 2010


Hi,

This is a SVN patch request.

Type: Bugfix

BT reference: http://bugs.typo3.org/view.php?id=15635

Branches: trunk, TYPO3-4_4, TYPO3-4_3

Problem:
sys_action is able to generate links for the backend.php toolbar. The
links with a href and "&" parameters, but this is not properly escaped
(htmlspecialchars missing).

Solution:
Escape the links, so that that part gets XHTML valid.

How to test:
Install the sys_action extension. Add some actions. And reload the
backend. The backend becomes XHTML invalid.

Cheers,
Ernesto

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 15635.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100903/a1dee037/attachment.asc>


More information about the TYPO3-team-core mailing list