Bug #79608
closed
Wrong handling with html tags in EXT:form
0%
Description
EXT:form strips html tags all over the place instead of properly escaping it.
- If html tags (or special chars) are not allowled, like in the name of the form or elements, those should also not allowed to be entered
- if HTML tags should be possible (especially in fields like static text), those should be possible to be entered
Updated by Björn Jacob about 7 years ago
- Status changed from Accepted to Needs Feedback
- Assignee set to Georg Ringer
Just to get you right, allow us some questions. We do not want to store any HTML tags within the form elements. Especially, the "static text" element should only store plain text without any HTML data. If a special format is needed, the people should use the form element called "Content element".
Could you please explain your concern in more detail? Do you want us to remove any HTML formatting while entering the data into the property fields?
Updated by Martin Kutschker about 7 years ago
Another issue with any < or > in form names is discussed in more #80343.
Updated by Gerrit Code Review about 7 years ago
- Status changed from Needs Feedback to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review about 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review about 7 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review about 7 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review about 7 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review over 6 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review over 6 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review over 6 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Thorben Nissen over 6 years ago
I came across this, while trying to build a form element that allows to insert HTML code instead of plain text. That could be very useful, if you e.g. need to display a list within the form.
Creating a content element and then link to it in just on form is overkill.
Updated by Gerrit Code Review over 6 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Gerrit Code Review over 6 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52093
Updated by Björn Jacob almost 6 years ago
- Status changed from Under Review to Closed
- Assignee deleted (
Georg Ringer)