Bug #27678
Deactivate EscapeInterceptor for certain ViewHelpers
Status: | Resolved | Start date: | 2011-06-24 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Bastian Waidelich | % Done: | 100% |
|
Category: | ViewHelpers | |||
Target version: | - | |||
Has patch: | No | Affected Flow version: |
Description
For some of the provided ViewHelpers one can exchangeably use either the value attribute or childnodes as input.
So all of the below variants should behave the same:
1<f:format.plaintext>{foo}</f:format.plaintext> 2{foo -> f:format.plaintext()} 3<f:format.plaintext value="{foo}" /> 4{f:format.plaintext(value: foo)}
But in fact the first two examples will get an escaped {foo} because by default the EscapeInterceptor is activated.
A solution would be to deactivate the interceptor for those ViewHelper by inserting the line
1protected $escapingInterceptorEnabled = FALSE;
NOTE: This disables htmlspecialchars() from beeing applied to childnodes so this must not be done for ViewHelpers that directly output the childnodes again!
Associated revisions
[BUGFIX] Deactivate EscapeInterceptor for certain ViewHelpers
This change deactivates automatic escaping for ViewHelpers that rely
on the raw value.
Change-Id: Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda
Resolves: #27678
History
#1 Updated by Bastian Waidelich about 4 years ago
Affected ViewHelpers:
- f:count (not really relevant as it expects numeric strings/integers, but still inconsistent currently)
- f:format.date (Note: we should sanitize the format string)
- f:identity.json
- f:escape (Should be marked deprecated see #27668)
#2 Updated by Mr. Hudson about 4 years ago
Patch set 1 of change Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda has been pushed to the review server.
It is available at http://review.typo3.org/2979
#3 Updated by Bastian Waidelich about 4 years ago
- Status changed from New to Under Review
#4 Updated by Mr. Hudson about 4 years ago
Patch set 2 of change Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda has been pushed to the review server.
It is available at http://review.typo3.org/2979
#5 Updated by Bastian Waidelich about 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset e52fc89a2a9206734305f7b8b3a2bb8295a838fe.