Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SECURITY] Avoid XSS by correctly encoding typolink results
In order to avoid XSS through typolink, anchor text is encoded correctly to be used in a HTML context. Fallback link texts of links to pages are encoded per default in case lib.parseFunc has not been configured. Resolves: #88635 Releases: master, 9.5, 8.7 Security-Commit: 57c5eeb93e6df4b1958bcafcd85ada6c7e355d41 Security-Bulletin: TYPO3-CORE-SA-2019-022 Change-Id: I9a415d6b2ed494dac7f4747e25460d95e1f27284 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62704 Tested-by: Oliver Hader <oliver.hader@typo3.org> Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
- Loading branch information