Bug #27678: Deactivate EscapeInterceptor for certain ViewHelpers - TYPO3.Fluid - TYPO3 Forge

TYPO3 Flow Base Distribution TYPO3.Eel TYPO3.Flow TYPO3.Fluid TYPO3.Kickstart TYPO3.Welcome Packages Applications

Bug #27678

Deactivate EscapeInterceptor for certain ViewHelpers

Added by Bastian Waidelich about 4 years ago. Updated about 4 years ago.

Status:

Resolved

Start date:

2011-06-24

Priority:

Should have

Due date:

Assigned To:

Bastian Waidelich

% Done:

100%

Category:

ViewHelpers

Target version:

Has patch:

Affected Flow version:

Description

For some of the provided ViewHelpers one can exchangeably use either the value attribute or childnodes as input.

So all of the below variants should behave the same:

1<f:format.plaintext>{foo}</f:format.plaintext>
2{foo -> f:format.plaintext()}
3<f:format.plaintext value="{foo}" />
4{f:format.plaintext(value: foo)}

But in fact the first two examples will get an escaped {foo} because by default the EscapeInterceptor is activated.

A solution would be to deactivate the interceptor for those ViewHelper by inserting the line

1protected $escapingInterceptorEnabled = FALSE;

NOTE: This disables htmlspecialchars() from beeing applied to childnodes so this must not be done for ViewHelpers that directly output the childnodes again!

Associated revisions

Revision e52fc89a
Added by Bastian Waidelich about 4 years ago

[BUGFIX] Deactivate EscapeInterceptor for certain ViewHelpers

This change deactivates automatic escaping for ViewHelpers that rely
on the raw value.

Change-Id: Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda
Resolves: #27678

History

#1 Updated by Bastian Waidelich about 4 years ago

Affected ViewHelpers:

f:count (not really relevant as it expects numeric strings/integers, but still inconsistent currently)
f:format.date (Note: we should sanitize the format string)
f:identity.json
f:escape (Should be marked deprecated see #27668)