Breaking: #69863 - Fluid escaping behaviour changed from ENT_COMPAT to ENT_QUOTES
See forge#69863
Description
The escaping behaviour in Fluid has been changed. Before, ENT_
was used.
Now, ENT_
is used.
Impact
Fluid templates which depend on single quotes not being escaped when escaping variables. Affects
ObjectAccessor (variable access in general) and calls to f:
and f:
.
Affected Installations
Any TYPO3 site containing Fluid templates which depend on single quotes not being escaped.
Migration
Change template to not depend on single quotes being escaped in any ObjectAccessor, consider adding
{variable -> f:
or
<f:
when accessing variables but be aware of possible XSS implications due to incomplete escaping.