Task #31745
Mention the risk of XSS in TypoScript
| Status: | Closed | Start date: | 2011-11-11 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | - | | |
| Target version: | 1.0.0 | | |
| Votes: | 0 | | |
Description
In Chapter "TYPO3 Integrator -> TypoScript", mention that of course XSS is also possible and quite often seen.
Associated revisions
[TASK] upper/lower-case for roles/positions updated to all lower-case (resolves: #31734)
[TASK] tabs changed to 2x space in preformatted texts (code examples)
[TASK] chapter "The TYPO3 Security Team -> Incident handling" re-worked (resolves: #31735 and #31736)
[TASK] chapter "General Information -> Differentiation between core and extensions" extended (resolves: #31738)
[TASK] chapter "General Information -> Announcement of updates and security fixes" extended (resolves: #31739)
[TASK] chapter "General Information -> Security bulletins" extended (resolves: #31740)
[TASK] chapter "General Guidelines -> React quickly" extended (resolves: #31741)
[TASK] chapter "System Administrators -> Database administration tools" updated (resolves: #31743)
[TASK] chapter "System Administrators -> Other services" updated (resolves: #31744)
[TASK] chapter "TYPO3 Integrator -> Backend users and access privileges" updated (resolves: #31730)
[TASK] chapter "TYPO3 Integrator -> TypoScript -> Cross-site scripting (XSS)" added (resolves: #31745)
[TASK] chapter "TYPO3 Integrator -> TypoScript -> External file inclusion" added
[TASK] several corrections (typos, grammar, wording etc.) after language review (resolves: #31670)
[TASK] chapter "TYPO3 Integrator -> TypoScript -> Cross-site scripting (XSS)", example added (resolves: #31745)
[TASK] chapter "System Administrators -> Database access": passwords, usernames, privileges reworked (resolves: #30679)
[TASK] chapter "Introduction -> About this document" updated
History
Updated by Michael Schams over 1 year ago
New sub-header "TYPO3 Integrator -> TypoScript -> Cross-site scripting (XSS)" added.
Can someone provide a typical example (quote: "quite often seen") and how to address this issue, please?
Updated by Michael Schams over 1 year ago
- % Done changed from 0 to 20
Updated by Michael Schams over 1 year ago
- Status changed from New to Resolved
- % Done changed from 20 to 100
Applied in changeset r1064.
Updated by Chris topher about 1 year ago
- Status changed from Resolved to Closed