Bug #80021
closed
parseFunc features missing from CE-Table after SecurityFix
0%
Description
With the fixing of the security issue #25245 introduces in 6.2.16
tt_content.table {
20.innerStdWrap.parseFunc >
20.innerStdWrap.htmlSpecialChars = 1
}
the parseFunc funktionality was stripped from CE-Tables, in my case with FluidStyledContent. Later on atleast the support for newlines was readded in changeset 1afa712d0c7fb5a21dc749110dfec412400a9577 but unfortunately there is more to parseFunc and removing it from CE-Tables strips away some features. To be more specific the "sword" functionality from https://www.typo3.net/tsref/functions/parsefunc/ is missing, therefore no search results can be highlighted if it is within a table.
there are some suggestions for fixing the missing parseFunc such as
tt_content.table {
20.innerStdWrap.parseFunc =< lib.parseFunc
20.innerStdWrap.htmlSpecialChars >
}
but this is not working in my case.
Related
https://forge.typo3.org/issues/72250
https://forge.typo3.org/issues/72388
https://forge.typo3.org/issues/73738
Updated by Georg Ringer about 7 years ago
- Status changed from New to Rejected
The goal of TYPO3 is to be secure by default. As there is no RTE for the table element, also no HTML is expected and therefore no parseFunc is required.
However, you as integrator, can of course change the rendering as long as you know what that means for the installation.
Updated by Evelin no-lastname-given about 7 years ago
I think we ran in a misunderstanding. In my oppinion it is ok and correct that no HTML is renderd if no RTE is present,
but the build in highlighting function sword is missing in tables because of that and lots of customers are complaing.
So please consider to reopen!