Task #105361

closed

Update browse-files.ts DOM Text Interpreted as HTML

Added by TYPO3 GmbH TYPO3com about 1 month ago. Updated about 1 month ago.

Status: Rejected
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2024-10-19
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 12
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Description:
By using textContent, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text.
This helps make the page safer compared to innerHTML and prevents cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

This issue was automatically created from https://github.com/TYPO3/typo3/pull/535

Actions #1

Updated by Gerrit Code Review about 1 month ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86656

Actions #2

Updated by Garvin Hicking about 1 month ago

  • Status changed from Under Review to Rejected