Bug #92051
closedf:asset.script breaks ampersands and thus functionality
0%
Description
Adding this code:
<f:asset.script identifier="googleApi" src="https://maps.googleapis.com/maps/api/js?key=API_KEY&libraries=places" />
results in a frontend output:
<script src="https://maps.googleapis.com/maps/api/js?key=API_KEY&amp;libraries=places"></script>
The original ampersand is already converted when added to the AssetCollector, which is correct, I suppose but then again htmlspecialchar'd in AssetRenderer.php in line 105 through the implodeAttributes function which results in the double manipulation of the ampersand:
$attributesString = count($attributes) ? ' ' . GeneralUtility::implodeAttributes($attributes, true) : '';
If I set the second parameter to false, it works.
Updated by Oliver Hader over 4 years ago
- Status changed from New to Needs Feedback
Setting the second parameter to false
would allow cross-site scripting → we don't want that...
Probably ScriptViewHelper
has to be adjusted. In any way, having automated tests for that would help here.
Updated by Oliver Hader over 4 years ago
- Related to Feature #90522: Introduce AssetCollector added
Updated by Oliver Hader over 4 years ago
- Status changed from Needs Feedback to New
Updated by Raphael Zschorsch over 4 years ago
I only set the parameter to false to check if it has something to do with htmlspecialchars :)
Updated by Raphael Zschorsch about 4 years ago
- Related to Bug #92284: <f:asset.script> ViewHelper double escape the src attribute added
Updated by Riccardo De Contardi over 1 year ago
I think it has been solved: I performed the following test on TYPO3 11.x, 12.x, 13.x:
- add the following code to my Fluid page template:
<f:asset.script identifier="googleApi" src="https://maps.googleapis.com/maps/api/js?key=API_KEY&libraries=places" />
Result¶
on all the TYPO3 version tested the output has been:
<script src="https://maps.googleapis.com/maps/api/js?key=API_KEY&libraries=places"></script>
Updated by Riccardo De Contardi over 1 year ago
- Status changed from New to Closed
I have been confirmed that the problem has been solved with https://forge.typo3.org/issues/92284 - closing this issue.
If you think that this is the wrong decision or experience the issue again, please reopen it or open a new issue with a reference to this one. Thank you.