Feature #56642
closed
Missing TypoScript property to quote and escape content for use in JavaScript
Added by Jigal van Hemert about 10 years ago.
Updated over 5 years ago.
Estimated time:
(Total: 0.00 h)
Description
We have htmlSpecialChars and rawUrlEncode in stdWrap, but no equivalent of \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue()
Use case: JavaScript for a statistics tools needs to log some of the submitted data or one of the URL parameters. It's easy to build some TS that puts that data in a block of JS, but without proper escaping (and possibly quoting) a visitor can create XSS.
- Assignee set to Jigal van Hemert
RM was asked and doesn't mind having it in 6.2LTS.
- Status changed from New to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF