Bug #24426: RemoveXSS Problem in Content Rendering? - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #24426

closed

RemoveXSS Problem in Content Rendering?

Added by René over 13 years ago. Updated about 10 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

Start date:

2010-12-27

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.4

PHP Version:

5.2

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Hi,

after upgrading to Version 4.4.5 i get some contents rendered with the <x> tag inline some different tags.

empl.:
t3lib_div::RemoveXSS('<div style="float: right; position: absolute; left: 300px;">Test</div>')

gives me:
<div st<x>yle="float: right; position: absolute; left: 300px;">test</div>

at the moment i get this in an Mail-Formular with <div style=""> and <a onclick=""> elements.

while the links will be
<a class="classname" on=""><x>click='window.open("/targetpath", "Title", "width=600,height=400,status=yes,scrollbars=yes,resizable=yes"); return false;' target="_blank" href="/targetpath">Linktitle</x></a>

(issue imported from #M16856)

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Watchers (1)

Bug #24426

RemoveXSS Problem in Content Rendering?

Updated by Jigal van Hemert over 13 years ago

Updated by René over 13 years ago

Updated by Alexander Opitz over 10 years ago

Updated by Alexander Opitz about 10 years ago