HtmlViewHelper extends AbstractViewHelper

ViewHelper

This class is the implementation of a Fluid ViewHelper.

View this class in the TYPO3 ViewHelper reference: <f:sanitize.html>

Final: Yes

ViewHelper that passes the given content through `typo3/html-sanitizer` to mitigate potential cross-site scripting. By default, the `build` option uses the class `TYPO3\CMS\Core\Html\DefaultSanitizerBuilder`, which declares the allowed HTML tags, attributes and their values.

  <f:sanitize.html>
      <img src="/img.png" class="image" onmouseover="alert(document.location)">
  </f:sanitize.html>

Tags

see: https://docs.typo3.org/permalink/t3viewhelper:typo3-fluid-sanitize-html
see: DefaultSanitizerBuilder

Table of Contents

Properties

$escapeChildren  : bool
$escapeOutput  : bool

Methods

initializeArguments()  : void
render()  : string
createInitiator()  : SanitizerInitiator
createSanitizer()  : Sanitizer

Properties

$escapeChildren

protected bool $escapeChildren = false

$escapeOutput

protected bool $escapeOutput = false

Methods

initializeArguments()

public initializeArguments() : void

render()

public render() : string
Return values
string

createSanitizer()

protected static createSanitizer(string $build) : Sanitizer
Parameters
$build : string
Return values
Sanitizer

        