Project

General

Profile

Actions

Bug #94866

closed

Bug #94787: Tracking issue related to HTML sanitization issues

Generated onclick events for image-zoom, typolink and HMENU removed

Added by Oliver Hader over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2021-08-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

ContentObjectRender and AbstractMenuContentObject are generating onclick attributes in order to trigger individual client-side functionality such as opening a link in a new window or showing larger image.

Albeit this is not "nice" in general, a potential solution would be to allow those functions openPic and openWindow (needs to be exposed) in HTML sanitizer or the core.

Actions

Also available in: Atom PDF