Bug #94810

Bug #94787: Tracking issue related to HTML sanitization issues

Unable to disable html sanitize

Added by Robert van Kammen 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2021-08-11
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Currently it is not possible to disable the html sanitize functionality.
Tested with the <f:format.html>...</f:format.html> function
When I set lib.parseFunc.htmlSanitize = 0 and lib.parseFunc_RTE.htmlSanitize = 0 the html is still sanitized.

This can be testen with:

<f:format.html><form action=""><input name="test" /></form></f:format.html>

The issue seems to be in the class: TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer in the function parseFunc.
Line: if ($conf['htmlSanitize'] ?? true) {

Also available in: Atom PDF