Commit 85f2ac1a authored by Oliver Hader Committed by Andreas Fernandez

[TASK] Upgrade to typo3/html-sanitizer v2.0.10

composer req typo3/html-sanitizer:^2.0.10;\
composer req typo3/html-sanitizer:^2.0.10 \
  -d typo3/sysext/core --no-update

Resolves: #95000
Releases: master, 11.3, 10.4, 9.5
Change-Id: Ia2170f6bd6f3bace862fac124ef8cc2966d35171
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70766

Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
parent 997ffc27
Pipeline #15658 passed with stages
in 9 minutes and 54 seconds
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "d465301faf25caba094b610a864c6aa9", "content-hash": "100fc23c3f7d29721d9d4b02385afeee",
"packages": [ "packages": [
{ {
"name": "bacon/bacon-qr-code", "name": "bacon/bacon-qr-code",
...@@ -4922,16 +4922,16 @@ ...@@ -4922,16 +4922,16 @@
}, },
{ {
"name": "typo3/html-sanitizer", "name": "typo3/html-sanitizer",
"version": "v2.0.9", "version": "v2.0.10",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/TYPO3/html-sanitizer.git", "url": "https://github.com/TYPO3/html-sanitizer.git",
"reference": "5dfd055b3d62a505d6dd8381f3145d17147ceb6d" "reference": "b9267c3b19ae1271b6c3f676f287e778977ca324"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/5dfd055b3d62a505d6dd8381f3145d17147ceb6d", "url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/b9267c3b19ae1271b6c3f676f287e778977ca324",
"reference": "5dfd055b3d62a505d6dd8381f3145d17147ceb6d", "reference": "b9267c3b19ae1271b6c3f676f287e778977ca324",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
...@@ -4967,9 +4967,9 @@ ...@@ -4967,9 +4967,9 @@
"description": "HTML sanitizer aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.", "description": "HTML sanitizer aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.",
"support": { "support": {
"issues": "https://github.com/TYPO3/html-sanitizer/issues", "issues": "https://github.com/TYPO3/html-sanitizer/issues",
"source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.9" "source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.10"
}, },
"time": "2021-08-16T10:44:16+00:00" "time": "2021-08-25T11:05:47+00:00"
}, },
{ {
"name": "typo3/phar-stream-wrapper", "name": "typo3/phar-stream-wrapper",
......
...@@ -193,7 +193,7 @@ class SecurityTest extends FunctionalTestCase ...@@ -193,7 +193,7 @@ class SecurityTest extends FunctionalTestCase
'<font face="a" color="b" onmouseover="alert(1);">text</font>' '<font face="a" color="b" onmouseover="alert(1);">text</font>'
. '<img src="x" alt="test" onerror="alert(2)">', . '<img src="x" alt="test" onerror="alert(2)">',
[ [
'&lt;font face="a" color="b" onmouseover="alert(1);"&gt;text&lt;/font&gt;' '<font face="a" color="b">text</font>'
. '<img src="x" alt="test">', . '<img src="x" alt="test">',
// @todo "expected" for the time being without using HTML Sanitizer // @todo "expected" for the time being without using HTML Sanitizer
'<font face="a" color="b" onmouseover="alert(1);">text</font>' '<font face="a" color="b" onmouseover="alert(1);">text</font>'
...@@ -206,7 +206,7 @@ class SecurityTest extends FunctionalTestCase ...@@ -206,7 +206,7 @@ class SecurityTest extends FunctionalTestCase
. '<img src="x" alt="test" onerror="alert(2)">' . '<img src="x" alt="test" onerror="alert(2)">'
. '</p>', . '</p>',
[ [
'<p>&lt;font face="a" color="b" onmouseover="alert(1);"&gt;text&lt;/font&gt;' '<p><font face="a" color="b">text</font>'
. '<img src="x" alt="test"></p>', . '<img src="x" alt="test"></p>',
// @todo "expected" for the time being without using HTML Sanitizer // @todo "expected" for the time being without using HTML Sanitizer
'<p><font face="a" color="b" onmouseover="alert(1);">text</font>' '<p><font face="a" color="b" onmouseover="alert(1);">text</font>'
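Review bot: The `// @todo "expected" for the time being without using HTML Sanitizer` alternative kept next to both updated expectations still lists output carrying `onmouseover="alert(1);"`, so if the assertion accepts any entry of the list (inferred; the assertion and the start of the data set lie outside these hunks), a rendering path that skips the sanitizer would continue to pass this security test. The new first entries now expect `<font face="a" color="b">text</font>` to be kept rather than encoded, and nothing in the test records why; a comment such as `// html-sanitizer keeps <font> and drops on* event handlers` above each would do. The @todo would also be easier to retire if it named the rendering path it covers and the issue tracking its removal, so the handler-bearing expectation does not outlive its reason.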
......
...@@ -65,7 +65,7 @@ ...@@ -65,7 +65,7 @@
"typo3/class-alias-loader": "^1.0", "typo3/class-alias-loader": "^1.0",
"typo3/cms-cli": "^3.0", "typo3/cms-cli": "^3.0",
"typo3/cms-composer-installers": "^2.0 || ^3.0", "typo3/cms-composer-installers": "^2.0 || ^3.0",
"typo3/html-sanitizer": "^2.0.9", "typo3/html-sanitizer": "^2.0.10",
"typo3/phar-stream-wrapper": "^3.1.6", "typo3/phar-stream-wrapper": "^3.1.6",
"typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0", "typo3/symfony-psr-event-dispatcher-adapter": "^1.0 || ^2.0",
"typo3fluid/fluid": "^2.7.0" "typo3fluid/fluid": "^2.7.0"
......