Bug #94810

Updated by Oliver Hader 4 months ago

Currently it is not possible to disable the HTML sanitize functionality.
Tested with the <f:format.html>...</f:format.html> function.
When I set lib.parseFunc.htmlSanitize = 0 and lib.parseFunc_RTE.htmlSanitize = 0, the HTML is still sanitized.

This can be tested with:
<f:format.html><form action=""><input name="test" /></form></f:format.html>

The issue seems to be in the class TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer, in the function parseFunc.
Line: if ($conf['htmlSanitize'] ?? true) {