Breaking: #96520 - Enforce non-empty configuration in cObj::parseFunc

See forge#96520

Description

Invoking ContentObjectRenderer::parseFunc without configuration or TypoScript reference is not possible anymore and in general did not make much sense.

Calling this method without any instructions led to various side-effects, e.g. unintentionally enforcing typo3/html-sanitizer. This problem was amplified when using <f:format.html parseFuncTSPath=""> with an explicitly empty reference which actually did not do anything and behaved the same as <f:format.raw>.

This change enforces that parseFunc is only invoked with actual instructions. An empty configuration will throw a \LogicException and requires corresponding source code or Fluid templates to be adjusted.

Impact

Still invoking ContentObjectRenderer::parseFunc without configuration will throw a \LogicException in the frontend rendering process.

Affected Installations

All installations using one of the following examples

PHP

/** @var \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer $cObj */
$cObj->parseFunc($content, []);
$cObj->parseFunc($content, [], '');
$cObj->parseFunc($content, [], '< null.this.does.not.exist');

TypoScript

# `1` is considered a TypoScript reference which
# most probably does not exist
stdWrap.parseFunc = 1

# non-existing TypoScript reference leading to empty configuration
stdWrap.parseFunc =< null.this.does.not.exist

Fluid Templates

<!-- empty TypoScript reference leading to empty configuration -->
<f:format.html parseFuncTSPath="">{content}</f:format.html>

<!-- non-existing TypoScript reference leading to empty configuration -->
<f:format.html parseFuncTSPath="null.this.does.not.exist">{content}</f:format.html>

Migration

Invocations of parseFunc in PHP and TypoScript without using any configuration or TypoScript reference have to be removed.

In Fluid templates <f:format.html parseFuncTSPath=""> has the same effect as <f:format.raw> which can be used as replacement. However content is used "as-is" without further sanitizing against cross-site scripting.

In case of the need for just replacing links with typolink, it is recommended to use <f:transform.html> ViewHelper.

Thus, any occurrence of the new \LogicException mentioned above, is also an indicator of some missing processing that has been unseen in custom source code or template instructions.