Bug #20846
closed
Synchronize RemoveXSS.php in 4.2 and 4.3
Added by Steffen Kamper over 15 years ago.
Updated over 14 years ago.
Description
This file is used for security reasons. So it's important to have all fixes not only in 4.3 but in 4.2. For this reason both files should be identical.
(issue imported from #M11664)
Files
The uploaded patch is the version used in trunk. So we have the same security for RemoveXSS in both versions (4.2 and trunk)
Ernesto, please add to your reviews for beta2
Steffen, will do.
First note is that I would love to see some unit tests for the most common XSS cases that are being handled by this script, so that we can make sure it doesn't break if we change something. The function is pretty long and tedious to test or consider all potential exploits.
Added some unit tests in #21314 - will commit it to trunk in some minutes.
Steffen, thanks a lot for the work. I haven't reviewed it but I assume it is already ok. Have you committed it? "Some minutes" have already passed. :)
It was committed to trunk yesterday (unit tests). This patch is for 4_2 and should go to 4.2.10 so we have the same file in both versions for better maintenance (I promised Lars to take care).
Ok Steffen, thanks! I will review this and we will commit this right before release of 4.2.10 (meaning tomorrow morning).
Committed to TYPO3_4-2, rev.6228
reopened to make it public