[SECURITY] Fix XSS in bullet list element 70/45270/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:35:03 +0000 (11:35 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:35:12 +0000 (11:35 +0100)
Replace parsefunc with htmlSpecialChars for the lines of bullet list

Resolves: #71683
Releases: master, 6.2
Security-Commit: 0099f4a51b6d1b994177ab1caa920d6ccf10afe2
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I7415c3cabb6412b6c06dae7c7d88bddf52e1d37c
Reviewed-on: https://review.typo3.org/45270
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v4.5/setup.txt
typo3/sysext/css_styled_content/static/v4.6/setup.txt
typo3/sysext/css_styled_content/static/v4.7/setup.txt
typo3/sysext/css_styled_content/static/v6.0/setup.txt
typo3/sysext/css_styled_content/static/v6.1/setup.txt

index dd0d188..a4e5f17 100644 (file)
@@ -1187,11 +1187,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
index 3afe2f4..84f3864 100644 (file)
@@ -767,11 +767,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
index e24557f..c8adb4a 100644 (file)
@@ -771,11 +771,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
index 1a03156..aea26c9 100644 (file)
@@ -1155,11 +1155,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
index e7576b1..25e15a4 100644 (file)
@@ -1155,11 +1155,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>
index 227fd6a..a833b66 100644 (file)
@@ -1153,11 +1153,11 @@ tt_content.bullets {
                        token.char = 10
                        cObjNum = |*|1|| 2|*|
                        1.current = 1
-                       1.parseFunc =< lib.parseFunc
+                       1.htmlSpecialChars = 1
                        1.wrap = <li class="odd">|</li>
 
                        2.current = 1
-                       2.parseFunc =< lib.parseFunc
+                       2.htmlSpecialChars = 1
                        2.wrap = <li class="even">|</li>
                }
                dataWrap = <ul class="csc-bulletlist csc-bulletlist-{field:layout}">|</ul>