Bug #39165
closed
HTML content element html-decodes HTML entities
Added by Thomas Deinhamer over 12 years ago.
Updated over 9 years ago.
Category:
FormEngine aka TCEforms
Description
When saving the HTML markup in an HTML content
element it HTML-decodes all HTML entities.
E.g. the following:
&lt;script&gt;alert("hello world");&lt;/script&gt;
will be converted to:
<script>alert("hello world");</script>
and thus will be executed in the frontend
instead of printed out for demonstration.
- Status changed from New to Accepted
- Target version deleted (4.7.3)
- TYPO3 Version changed from 4.7 to 4.6
The bug seems to be in the backend editing form.
It doesn't happen in TYPO3 4.5, it started with 4.6:
On first save, it is properly saved to the database and also displayed as is in the frontend. As soon as you re-open the editing form in the backend, the entities are replaced with the less-than signs, and when you just save it back again: You have no more entities in the database.
Could you confirm that this is the bug in your situation (i.e. on first saving it works...)?
This is related to the introduction of the t3editor for HTML editing in 4.6. As soon as you uninstall t3editor, it works as expected.
Can confirm that it works on the first saving,
if reopened in the backend, it gets HTML-encoded.
Happens for me with TYPO3 4.7.1.
- Target version set to 7.4 (Backend)
- Is Regression set to No
- Status changed from Accepted to Closed
Cannot reproduce with TYPO3 6.2.12 and 7.2 (latest master)
Test done:
1. Create new content element > HTML
2. set content as:
&lt;script&gt;alert("hello world");&lt;/script&gt;
3. save and close
Result:
in the frontend the result (source code) is exactly "&lt;script&gt;alert("hello world");&lt;/script&gt;" so I see the text, and as it is not a "script", it is not executed
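The save, reopen, save round trip discussed in this thread can be written as a regression check. This is an added example, not part of the original report and not TYPO3 or t3editor code. It assumes the entities are lost because the edit form writes the stored value into a textarea without escaping it, and the field name `bodytext` and all function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Sample from the report: markup meant to be shown as text, stored with entities.
STORED = '&lt;script&gt;alert("hello world");&lt;/script&gt;'


class TextareaValue(HTMLParser):
    """Collects the text a browser would hold as the value of a <textarea>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode entities like a browser
        self.inside = False
        self.value = ""

    def handle_starttag(self, tag, attrs):
        if tag == "textarea":
            self.inside = True

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.inside = False

    def handle_data(self, data):
        if self.inside:
            self.value += data


def render_unescaped(stored):
    # Assumed faulty form: database value dropped into the markup as-is.
    return f'<textarea name="bodytext">{stored}</textarea>'


def render_escaped(stored):
    # Corrected form: value is HTML-escaped before it goes into the markup.
    return f'<textarea name="bodytext">{html.escape(stored)}</textarea>'


def reopen_and_save(stored, render):
    """Return what would be written back after opening the form and saving."""
    parser = TextareaValue()
    parser.feed(render(stored))
    parser.close()
    return parser.value


def survives_round_trip(stored, render):
    # The check: reopening and saving must leave the stored value unchanged.
    return reopen_and_save(stored, render) == stored
```

With the unescaped form the value written back is the executable `<script>` element; with the escaped form it is unchanged.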