Project

General

Profile

Actions
Copy link

Task #78477

closed

Refactoring of FlashMessage rendering

Added by Frank Nägler over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Frank Nägler
Category:
Code Cleanup
Target version:
8.6
Start date:
2016-10-28
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The implementation of the rendering of FlashMessages in the core should be optimized.
With #73698 we start a cleanup which removes rendering from different places and centralized the markup with the FlashMessage class.

The problems we identified are:
  • Security: markup in FlashMessage are not allowed and can open XSS issues
  • Context: some messages contains markup which is fine in context of backend and frontend, but not in CLI context or maybe other contexts
  • For the reasons above, we found markup as well in the FlashMessageQueue class

For all this reasons, we need a flexible and secure solution to handle the FlashMessage rendering in different contexts.

Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #83733: FlashMessage renderers must not escape user contentNew2018-01-30

Actions
Actions
Copy link
 #1

Updated by Gerrit Code Review over 7 years ago

  • Status changed from In Progress to Under Review

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #2

Updated by Gerrit Code Review over 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #3

Updated by Gerrit Code Review over 7 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #4

Updated by Gerrit Code Review over 7 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #5

Updated by Gerrit Code Review over 7 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #6

Updated by Gerrit Code Review over 7 years ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #7

Updated by Gerrit Code Review over 7 years ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #8

Updated by Gerrit Code Review over 7 years ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #9

Updated by Gerrit Code Review over 7 years ago

Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #10

Updated by Gerrit Code Review over 7 years ago

Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #11

Updated by Gerrit Code Review over 7 years ago

Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #12

Updated by Benni Mack over 7 years ago

  • Target version changed from 8.5 to 8.6
Actions
Copy link
 #13

Updated by Gerrit Code Review over 7 years ago

Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #14

Updated by Gerrit Code Review over 7 years ago

Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #15

Updated by Gerrit Code Review over 7 years ago

Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #16

Updated by Gerrit Code Review over 7 years ago

Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #17

Updated by Gerrit Code Review over 7 years ago

Patch set 19 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #18

Updated by Gerrit Code Review over 7 years ago

Patch set 20 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #19

Updated by Gerrit Code Review over 7 years ago

Patch set 21 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50285

Actions
Copy link
 #20

Updated by Anonymous over 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #21

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #22

Updated by Alexander Schnitzler about 6 years ago

  • Related to Bug #83733: FlashMessage renderers must not escape user content added
Actions
Copy link

Also available in: Atom PDF