[英]Typo3 - own viewhelper escapes HTML in T3 V8
I have a viewhelper which worked well in Typo3 V7.x, but in V8.x its output is not plain html any more, but it's html-encoded. 我有一个viewhelper在Typo3 V7.x中很好用,但是在V8.x中,它的输出不再是纯HTML,而是经过html编码的。
Simplified viewhelper class: 简化的viewhelper类:
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}
Simplified HTML: 简化的HTML:
<m:teaserbox><f:cObject typoscriptObjectPath="lib.someHTML"></f:cObject></m:teaserbox>
Output is something like: 输出类似于:
<div><h2>TEST</h2></div>
Escaping can be turned off by adding protected $escapeOutput = false;
可以通过添加
protected $escapeOutput = false;
来关闭转义protected $escapeOutput = false;
to your ViewHelper. 到您的ViewHelper。
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
protected $escapeOutput = false;
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}
Doing so, you must be aware of, that you need to sanitize user input yourself in order to prevent XSS. 这样做时,您必须意识到,您需要自己清理用户输入以防止XSS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.