HtmlViewHelper extends AbstractViewHelper
This class is the implementation of a Fluid ViewHelper.
View this class in the TYPO3 ViewHelper reference: <f:sanitize.html>
Final: Yes
ViewHelper that passes the given content through `typo3/html-sanitizer` to mitigate potential cross-site scripting. By default, the `build` option uses the class `TYPO3\CMS\Core\Html\DefaultSanitizerBuilder`, which declares the allowed HTML tags, attributes and attribute values.
<f:sanitize.html>
<img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>
Table of Contents
Properties
- $escapeChildren : bool
- $escapeOutput : bool
Methods
- initializeArguments() : void
- render() : string
- createInitiator() : SanitizerInitiator
- createSanitizer() : Sanitizer
Properties
$escapeChildren
protected bool $escapeChildren = false
$escapeOutput
protected bool $escapeOutput = false
Methods
initializeArguments()
public initializeArguments() : void
render()
public render() : string
Return values
string
createInitiator()
protected static createInitiator() : SanitizerInitiator
Return values
SanitizerInitiator
createSanitizer()
protected static createSanitizer(string $build) : Sanitizer
Parameters
- $build : string