[BUGFIX] Prevent XSS in ViewHelpers
[Packages/TYPO3.CMS.git] / typo3 / sysext / fluid / Classes / ViewHelpers / Format / HtmlViewHelper.php
index 687ea01..07ab91c 100644 (file)
@@ -60,11 +60,15 @@ class HtmlViewHelper extends AbstractViewHelper
     protected static $tsfeBackup;
 
     /**
+     * Disable escaping of child nodes' output
+     *
      * @var bool
      */
     protected $escapeChildren = false;
 
     /**
+     * Plain HTML should be returned, no output escaping allowed
+     *
      * @var bool
      */
     protected $escapeOutput = false;