[BUGFIX] Prevent XSS in ViewHelpers 93/47193/5
authorNicole Cordes <typo3@cordes.co>
Fri, 11 Mar 2016 10:17:33 +0000 (11:17 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 13 Mar 2016 21:44:38 +0000 (22:44 +0100)
commitc7c28e6b37ce8b9a0d445f7c9030dfa0771227d6
tree3f69fec8f7a5dea167d520d93ee749121265ec3e
parent11e3f9c120f3ef747965b13a2bd34b2adab3b23f
[BUGFIX] Prevent XSS in ViewHelpers

This patch removes wrongly introduced missing escaping in ViewHelpers
and adds some documentation about escaping settings.

Resolves: #75016
Releases: master
Change-Id: If0dbd8a5f7506a78238e6245b1a6f568ec7b3e27
Reviewed-on: https://review.typo3.org/47193
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/fluid/Classes/ViewHelpers/CObjectViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/CaseViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/DebugViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/Format/DateViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/Format/HtmlentitiesViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/Format/StripTagsViewHelper.php
typo3/sysext/fluid/Classes/ViewHelpers/Format/UrlencodeViewHelper.php