eibiflo / cf_cookiemanager

Simple Typo3 Cookie Manager
GNU General Public License v2.0

[BUGFIX] remove html_entity_decode #16

Closed jakobwid closed 10 months ago

jakobwid commented 10 months ago

The new returned HTML content should not be decoded, as it also decodes escaped HTML characters which are intended to not be rendered. This is a huge security issue.
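The effect described in the comment above, as an added example that is not part of this pull request or the extension's code. `blockIframes()`, the placeholder markup and the sample HTML are hypothetical stand-ins for a consent step that processes rendered output.

```php
<?php
declare(strict_types=1);

// Constructed sample: one real embed, plus visitor text that the template
// already escaped so that it is displayed as a string, not rendered.
$rendered = '<div><iframe src="https://video.example.invalid/1"></iframe>'
    . '<p>&lt;iframe src="https://other.example.invalid/"&gt;&lt;/iframe&gt;</p></div>';

// Hypothetical consent step: swap every real iframe element for a placeholder.
function blockIframes(string $html): string
{
    $dom = new DOMDocument();
    $dom->loadHTML($html, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    // Copy the live node list first, because replacing nodes mutates it.
    foreach (iterator_to_array($dom->getElementsByTagName('iframe')) as $iframe) {
        $placeholder = $dom->createElement('div', 'Embed blocked until consent');
        $placeholder->setAttribute('data-blocked-src', $iframe->getAttribute('src'));
        $iframe->parentNode->replaceChild($placeholder, $iframe);
    }
    // The serializer re-escapes text nodes, so the visitor text stays inert.
    return $dom->saveHTML();
}

// Counts iframe start tags that a browser would treat as markup.
function liveIframes(string $html): int
{
    return substr_count(strtolower($html), '<iframe');
}

$processed = blockIframes($rendered);

// Before the fix: decoding the whole document also decodes the escaped
// visitor text, which becomes an iframe the consent step never saw.
$decoded = html_entity_decode($processed, ENT_QUOTES | ENT_HTML5, 'UTF-8');

// After the fix: the processed HTML is returned as it is.
$unchanged = $processed;

foreach (['decoded' => $decoded, 'unchanged' => $unchanged] as $label => $out) {
    printf("%-9s live iframes: %d\n%s\n", $label, liveIframes($out), trim($out));
}
```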

jakobwid commented 10 months ago

The main issue was that TYPO3 always renders the iframe, even with the Fluid format ViewHelper, which should only display the string.

eibiflo commented 10 months ago

Hei @jakobwid,

Would you possibly like to join the T3 Slack briefly to discuss this? https://typo3.slack.com/archives/C04NB2ZP30U Thanks for the tip.