[TYPO3-core] RFC #15635: Bug: XHTML validity of backend when sys_action is loaded
Ernesto Baschny [cron IT]
ernst at cron-it.de
Mon Sep 6 19:30:21 CEST 2010
Ernesto Baschny [cron IT] schrieb am 03.09.2010 19:53:
> Hi,
>
> This is a SVN patch request.
>
> Type: Bugfix
>
> BT reference: http://bugs.typo3.org/view.php?id=15635
>
> Branches: trunk, TYPO3-4_4, TYPO3-4_3
>
> Problem:
> sys_action is able to generate links for the backend.php toolbar. The
> links with a href and "&" parameters, but this is not properly escaped
> (htmlspecialchars missing).
>
> Solution:
> Escape the links, so that that part gets XHTML valid.
>
> How to test:
> Install the sys_action extension. Add some actions. And reload the
> backend. The backend becomes XHTML invalid.
Commited to:
- trunk (rev. 8766, for 4.5alpha2)
- 4_4 (rev. 8767, for 4.4.3)
- 4_3 (rev. 8768, for 4.3.6)
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list