Breaking: #69863 - Fluid escaping behaviour changed from ENT_COMPAT to ENT_QUOTES¶
See forge#69863
Description¶
The escaping behaviour in Fluid has been changed. Before, ENT_
was used.
Now, ENT_
is used.
Impact¶
Fluid templates which depend on single quotes not being escaped when escaping variables. Affects
ObjectAccessor (variable access in general) and calls to f:
and f:
.
Affected Installations¶
Any TYPO3 site containing Fluid templates which depend on single quotes not being escaped.
Migration¶
Change template to not depend on single quotes being escaped in any ObjectAccessor, consider adding
{variable -> f:
or
<f:
when accessing variables but be aware of possible XSS implications due to incomplete escaping.