Typo3-自己的viewhelper在T3V8中转义HTML
我有一个viewhelper,它在Typo3V7.x中运行良好,但在V8.x中,它的输出不再是纯html,而是html编码的 简化的viewhelper类:Typo3-自己的viewhelper在T3V8中转义HTML,typo3,typo3-8.x,viewhelper,Typo3,Typo3 8.x,Viewhelper,我有一个viewhelper,它在Typo3V7.x中运行良好,但在V8.x中,它的输出不再是纯html,而是html编码的 简化的viewhelper类: namespace MyName\Teaserbox\ViewHelpers; class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper { public function render ( $html = null )
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}
可以通过添加受保护的$escapeOutput=false关闭转义;到您的ViewHelper
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
protected $escapeOutput = false;
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}
这样做时,您必须意识到,您需要自己清理用户输入以防止XSS。可以通过添加受保护的$escapeOutput=false来关闭转义;到您的ViewHelper
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
protected $escapeOutput = false;
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}
namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
protected $escapeOutput = false;
public function render ( $html = null ) {
return "<div><h2>$html</h2></div>"
}
}