Project

General

Profile

Actions

Task #105362

closed

Update deferred-action.ts DOM Text Interpreted as HTML

Added by TYPO3 GmbH TYPO3com about 1 month ago. Updated about 1 month ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2024-10-19
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Description:
By using textContent, it will avoid the risk of HTML injection, as these properties automatically escape any HTML special characters in the provided text.
This helps make page more safer as compare to innerHTML and prevent cross-site scripting (XSS) vulnerabilities by treating the input as plain text rather than interpreted HTML.

This issue was automatically created from https://github.com/TYPO3/typo3/pull/536

Actions #1

Updated by Gerrit Code Review about 1 month ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86657

Actions #2

Updated by Andreas Kienast about 1 month ago

  • Status changed from Under Review to Rejected
Actions

Also available in: Atom PDF