[SECURITY] Fix XSS in bullet list element 82/45282/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:38:11 +0000 (11:38 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:38:20 +0000 (11:38 +0100)
Replace parsefunc with htmlSpecialChars for the lines of bullet list

Resolves: #71683
Releases: master, 6.2
Security-Commit: d756287c89b3c3f1e53c7e4661bea8e8f2f1d2e6
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: Idabbe0222398e848a7365446a577f10ae804cd30
Reviewed-on: https://review.typo3.org/45282
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v6.2/setup.txt

index 86fcc40..afcae4e 100644 (file)
@@ -1179,11 +1179,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
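Review bot: The two new `htmlSpecialChars = 1` lines (split items 1 and 2) have no comment saying why parseFunc was removed, so an integrator who wants links or inline markup back in bullet lines may restore `parseFunc =< lib.parseFunc` and reintroduce the XSS. I would add a line above `1.current = 1` such as `# bullet lines are plain text: escape each line, do not run it through lib.parseFunc`. Existing bullet content that contains tags or HTML entities will now be shown literally; if double-encoded entities are a concern on upgrade, `htmlSpecialChars.preserveEntities = 1` could be considered. The same points apply to the identical hunk in static/v6.2/setup.txt; the tt_content.bullets block starts and ends outside both hunks.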
index 1bc1a23..f25a603 100644 (file)
@@ -1191,11 +1191,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>