Bug #72295: No render of HTML TAGs anymore in tables after update from 6.2.15 to 6.2.16 - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #72295

closed

No render of HTML TAGs anymore in tables after update from 6.2.15 to 6.2.16

Added by Christoph Kapeller almost 9 years ago. Updated almost 9 years ago.

Status:

Rejected

Priority:

Won't have this time

Assignee:

Category:

Content Rendering

Target version:

6.2.16

Start date:

2015-12-17

Due date:

% Done:

Estimated time:

TYPO3 Version:

6.2

PHP Version:

5.5

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

I found a misbehaving on the HTML rendering process...

After updating many TYPO3 installations I came to this misbehaving.
Example source from table: (just a internal link in the table element)

text content|<link 108>this is the link text</link>

renders fine in 6.2.15 but not anymore in 6.2.16
Also any other HTML tag doesnt work any more - like: <strong> <br> ...

Can someone please have a look into this.

Best regards
chriskapeller

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Updated by Andreas Kienast almost 9 years ago

Status changed from New to Closed

Please read this security bulletin for the 6.2.16 and 7.6.1 release. What you do is basically XSS which is prevented now. You may revert the change for tt_content.table in your local TS.

Actions

Copy link

Updated by Christoph Lehmann almost 9 years ago

Also empty cells now contain an

Here is a patch which reverts such changes

--- typo3_src-6.2.16/typo3/sysext/css_styled_content/static/setup.txt    2015-12-15 13:50:49.000000000 +0100
+++ typo3_src-6.2.15/typo3/sysext/css_styled_content/static/setup.txt    2015-12-17 14:41:11.000000000 +0100
@@ -747,7 +747,7 @@ tt_content.image.20 {
         altText = TEXT
         altText {
             data = file:current:alternative
-            htmlSpecialChars = 1
+            stripHtml = 1
         }

         titleText < .altText
@@ -793,7 +793,7 @@ tt_content.image.20 {
             1 {
                 data = file:current:description
                 required = 1
-                htmlSpecialChars = 1
+                parseFunc =< lib.parseFunc
                 br = 1
             }
         }
@@ -1187,11 +1187,11 @@ tt_content.bullets {
             token.char = 10
             cObjNum = |*|1|| 2|*|
             1.current = 1
-            1.htmlSpecialChars = 1
+            1.parseFunc =< lib.parseFunc
             1.wrap = <li class="odd">|</li>

             2.current = 1
-            2.htmlSpecialChars = 1
+            2.parseFunc =< lib.parseFunc
             2.wrap = <li class="even">|</li>
         }
         dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
@@ -1406,7 +1406,7 @@ tt_content.table {
         cellspacing =
     }
     20.innerStdWrap.wrap = |
-    20.innerStdWrap.htmlSpecialChars = 1
+    20.innerStdWrap.parseFunc = < lib.parseFunc

     20.stdWrap {
         editIcons = tt_content: cols, bodytext, [layout], [table_bgColor|table_border|table_cellspacing|table_cellpadding]

Actions

Copy link

Updated by Christoph Kapeller almost 9 years ago

Hi Andreas, thanks for the info - I just did not read the bulletin very well. I did change the TS and YES it works.
But I found out that normal HTML markup works but the TYPO3 <link 67> does not.

chriskapeller

Actions

Copy link