Bug #27678

Deactivate EscapeInterceptor for certain ViewHelpers

Added by Bastian Waidelich over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Should have
Category:
ViewHelpers
Target version:
-
Start date:
2011-06-24
Due date:
% Done:

100%

Estimated time:
Has patch:
No

Description

For some of the provided ViewHelpers one can exchangeably use either the value attribute or childnodes as input.

So all of the below variants should behave the same:

<f:format.plaintext>{foo}</f:format.plaintext>
{foo -> f:format.plaintext()}
<f:format.plaintext value="{foo}" />
{f:format.plaintext(value: foo)}

But in fact the first two examples will get an escaped {foo} because by default the EscapeInterceptor is activated.

A solution would be to deactivate the interceptor for those ViewHelper by inserting the line

protected $escapingInterceptorEnabled = FALSE;

NOTE: This disables htmlspecialchars() from beeing applied to childnodes so this must not be done for ViewHelpers that directly output the childnodes again!

#1

Updated by Bastian Waidelich over 10 years ago

Affected ViewHelpers:

  • f:count (not really relevant as it expects numeric strings/integers, but still inconsistent currently)
  • f:format.date (Note: we should sanitize the format string)
  • f:identity.json
  • f:escape (Should be marked deprecated see #27668)
#2

Updated by Mr. Hudson over 10 years ago

Patch set 1 of change Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda has been pushed to the review server.
It is available at http://review.typo3.org/2979

#3

Updated by Bastian Waidelich over 10 years ago

  • Status changed from New to Under Review
#4

Updated by Mr. Hudson over 10 years ago

Patch set 2 of change Iebabe42e5f0d674f4fe9f367b33f6dd7e8acdcda has been pushed to the review server.
It is available at http://review.typo3.org/2979

#5

Updated by Bastian Waidelich over 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF