Bug #19110

closed

t3lib_div::removeXSS translates normal text too

Added by David Slayback almost 16 years ago. Updated almost 14 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2008-07-15
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If a user types in something in a reply form and the t3lib_div::removeXSS function is called on it, it inserts <x> into normal text too. This makes it unusable. It should only deal with keywords in HTML tags, not normal text.

Here is an example:
the title of the scripture is linked to a metaphysical layer of baseless logic

Which translates to:
the ti<x>tle of the sc<x>ripture is li<x>nked to a me<x>taphysical la<x>yer of ba<x>seless logic

(issue imported from #M8978)
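
The over-matching reported above can be reproduced with a small keyword splitter. This is an added example, not the TYPO3 removeXSS code: the keyword list is constructed from the six words split in the sample output, the function names are hypothetical, and it assumes PHP 7.0 or later.

```php
<?php
// Constructed keyword list: the six names split in the report's sample output.
const KEYWORDS = ['title', 'script', 'link', 'meta', 'layer', 'base'];

// Insert "<x>" after the first two characters of every keyword occurrence.
function splitKeywords(string $fragment): string
{
    $pattern = '/' . implode('|', KEYWORDS) . '/i';
    return preg_replace_callback(
        $pattern,
        static function (array $m): string {
            return substr($m[0], 0, 2) . '<x>' . substr($m[0], 2);
        },
        $fragment
    );
}

// Reported behaviour: the filter runs over the whole input, prose included.
function filterEverywhere(string $input): string
{
    return splitKeywords($input);
}

// Behaviour the report asks for: only text inside "<...>" is filtered.
// An unclosed "<" is treated as a tag running to the end of the input,
// so a missing ">" does not let markup skip the filter.
function filterInsideTags(string $input): string
{
    return preg_replace_callback(
        '/<[^>]*(?:>|$)/',
        static function (array $m): string {
            return splitKeywords($m[0]);
        },
        $input
    );
}

// Sentence from the report, plus a constructed markup sample.
$prose  = 'the title of the scripture is linked to a metaphysical layer of baseless logic';
$markup = 'the title <script src="a.js"></script> stays readable';

echo filterEverywhere($prose), PHP_EOL;   // prose is mangled, as reported
echo filterInsideTags($prose), PHP_EOL;   // prose is left untouched
echo filterInsideTags($markup), PHP_EOL;  // only the tag contents are split
```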


Files

removeXSS.diff (1.04 KB) Administrator Admin, 2008-09-29 13:26
removeXSS-1.diff (11.4 KB) Administrator Admin, 2008-10-30 19:44

Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Feature #19600: Improvement of removeXSS (Closed, Oliver Hader, 2008-11-12)
Has duplicate TYPO3 Core - Bug #19234: removeXSS needs improvement (Closed, Michael Stucki, 2008-08-20)
