Bug #88514

Inline image record title is doubly escaped

Added by filigivuji filigivuji 3 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
FormEngine aka TCEforms
Target version:
-
Start date:
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Running TYPO3 9.5.7.

Steps to reproduce:
  1. On a TYPO3 page, add a new "Images Only" content element.
  2. In the "Images" tab, add a new image and give it the title "<".
  3. Save.

Expected behavior:
The inline record in the "Images" tab shows "<" after "Title" in the inline record's header.

Actual behavior:
After "Title", "&lt;" is displayed. Screenshot attached.

InlineRecordContainer::renderForeignRecordHeader is passed HTML in $data['recordTitle'], which it then escapes again.

TYPO3 6.2 is affected as well, so probably all versions in between are too.

escaping.png View (11.1 KB) filigivuji filigivuji, 2019-06-07 02:18

Also available in: Atom PDF