Project

General

Profile

Actions

Bug #24426

closed

RemoveXSS Problem in Content Rendering?

Added by René almost 14 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-12-27
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi,

after upgrading to Version 4.4.5 i get some contents rendered with the <x> tag inline some different tags.

empl.:
t3lib_div::RemoveXSS('<div style="float: right; position: absolute; left: 300px;">Test</div>')

gives me:
<div st<x>yle="float: right; position: absolute; left: 300px;">test</div>

at the moment i get this in an Mail-Formular with <div style=""> and <a onclick=""> elements.

while the links will be
<a class="classname" on=""><x>click='window.open("/targetpath", "Title", "width=600,height=400,status=yes,scrollbars=yes,resizable=yes"); return false;' target="_blank" href="/targetpath">Linktitle</x></a>

(issue imported from #M16856)


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #20835: RemoveXSS corrupts HTMLClosed2009-08-05

Actions
Actions

Also available in: Atom PDF