Bug #94786

Updated by Oliver Hader 4 months ago

Related to https://typo3.org/security/advisory/typo3-core-sa-2021-013 

 Currently property @lib.parseFunc.htmlSanitize = 1@ is enforced, in case the behavior has not been explicitly disabled. 

 The idea is to relax the behavior a bit, by target the actual use-cases: 

 * @f:format.html@ view-helper (using new attribute, being enabled per default) 
 * RTE-related invocation of @stdWrap.parseFunc@ (no idea yet, how to tackle) 

Back