Refactoring of FlashMessage rendering
The implementation of the rendering of FlashMessages in the core should be optimized.
With #73698 we start a cleanup which removes rendering from different places and centralized the markup with the FlashMessage class.
- Security: markup in FlashMessage are not allowed and can open XSS issues
- Context: some messages contains markup which is fine in context of backend and frontend, but not in CLI context or maybe other contexts
- For the reasons above, we found markup as well in the FlashMessageQueue class
For all this reasons, we need a flexible and secure solution to handle the FlashMessage rendering in different contexts.
[!!!][FEATURE] Refactoring of FlashMessage rendering
This patch reverts some changes of #73698 and adds some new things:
- Introduce context based FlashMessageRenderer
- Add special FlashMessageViewHelper for the backend
- Cleanup classes related to FlashMessages
- Deprecate some methods from the FlashMessages::class
Reviewed-by: Christian Kuhn <email@example.com>
Tested-by: Christian Kuhn <firstname.lastname@example.org>
Tested-by: TYPO3com <email@example.com>
Reviewed-by: Markus Klein <firstname.lastname@example.org>
Tested-by: Markus Klein <email@example.com>