Feature #56642
closed
Missing TypoScript property to quote and escape content for use in JavaScript
100%
Description
We have htmlSpecialChars and rawUrlEncode in stdWrap, but no equivalent of \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue()
Updated by Jigal van Hemert about 10 years ago
Use case: JavaScript for a statistics tools needs to log some of the submitted data or one of the URL parameters. It's easy to build some TS that puts that data in a block of JS, but without proper escaping (and possibly quoting) a visitor can create XSS.
Updated by Jigal van Hemert about 10 years ago
- Assignee set to Jigal van Hemert
RM was asked and doesn't mind having it in 6.2LTS.
Updated by Gerrit Code Review about 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28177
Updated by Gerrit Code Review about 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28177
Updated by Jigal van Hemert about 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 27fc64a9f63a8c11bc1b5983d2c2eb1760f1f596.
Updated by