Bug #18562

Adding <script> Tag in pagetitle field

Added by Guido S. over 13 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2008-04-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.1
PHP Version:
5.0
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If i add a new page., I just tried to include HTML Code in field "pagetitle". TYPO3 Backend accept this and the Frontend render this HTML Code:

I think HTML is okay, but the <script> Tag is maybe to insecure?

I add this code:
<html><script>alert("Test")</script></html>
(issue imported from #M8019)


Files

8019_admPanel_htmlspecialchars.diff (2.15 KB) 8019_admPanel_htmlspecialchars.diff Administrator Admin, 2008-04-04 13:33

Also available in: Atom PDF