Project

General

Profile

Actions

Bug #39165

closed

HTML content element html-decodes HTML entities

Added by Thomas Deinhamer over 12 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
FormEngine aka TCEforms
Target version:
Start date:
2012-07-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

When saving the HTML markup in an HTML content
element it HTML-decodes all HTML entities.

E.g. the following:

<script>alert("hello world");</script>

will be converted to:

<script>alert("hello world");</script>

and thus will be executed in the frontend
instead of printed out for demonstration.

Actions #1

Updated by Ernesto Baschny over 12 years ago

  • Status changed from New to Accepted
  • Target version deleted (4.7.3)
  • TYPO3 Version changed from 4.7 to 4.6

The bug seems to be in the backend editing form.

It doesn't happen in TYPO3 4.5, it started with 4.6:

On first save, it is properly saved to the database and also displayed as is in the frontend. As soon as you re-open the editing form in the backend, the entities are replaced with the less-than signs, and when you just save it back again: You have no more entities in the database.

Could you confirm that this is the bug in your situation (i.e. on first saving it works...)?

This is related to the introduction of the t3editor for HTML editing in 4.6. As soon as you uninstall t3editor, it works as expected.

Actions #2

Updated by Thomas Deinhamer over 12 years ago

Can confirm that it works on the first saving,
if reopened in the backend, it gets HTML-encoded.

Happens for me with TYPO3 4.7.1.

Actions #3

Updated by Mathias Schreiber almost 10 years ago

  • Target version set to 7.4 (Backend)
  • Is Regression set to No
Actions #4

Updated by Riccardo De Contardi over 9 years ago

  • Status changed from Accepted to Closed

Cannot reproduce with TYPO3 6.2.12 and 7.2 (latest master)

Test done:

1. Create new content element > HTML
2. set content as:

&lt;script&gt;alert("hello world");&lt;/script&gt;

3. save and close
Result:
in the frontend the result (source code) is exactly "&lt;script&gt;alert("hello world");&lt;/script&gt;" so I see the text, and as it is not a "script", it is not executed

Actions

Also available in: Atom PDF