Story #45758
Provide a way to control escaping of content through TypoScript
Status: | Accepted | Start date: | 2013-02-22 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Sebastian Kurfuerst | % Done: | 0% |
|
Category: | Content Rendering | Spent time: | - | |
Target version: | 1.0 beta 1 | |||
Story points | - | |||
Velocity based estimate | - |
Description
Currently, we always use f:format.raw ViewHelper inside all Content Element templates... The
problem with that is that it's very unsafe, disabling the complete security which was in-built.
Enabling it in all cases is not nice as well, as we need to control that on a case-by-case basis.
That's why we want to introduce a SafeString class, which is directly rendered without any escaping; while in the default case,
the escaping should stay active.
History
#1 Updated by Gerrit Code Review over 2 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18443
#2 Updated by Gerrit Code Review over 2 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18444
#3 Updated by Gerrit Code Review over 2 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18445