Deprecation: #76164 - Deprecate RemoveXSS¶
See forge#76164
Description¶
Due to the wrong approach of RemoveXSS it is not 100% secure and does not keep its promise. The following methods have been marked as deprecated:
\TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS()
\RemoveXSS::process()
\TYPO3\CMS\Form\Domain\Filter\RemoveXssFilter
Impact¶
Using the mentioned methods will trigger a deprecation log entry.
Affected Installations¶
Instances that use any of these methods.
Migration¶
Implement a proper encoding by yourself. Use htmlspecialchars()
in the
context of HTML or GeneralUtility::quoteJSvalue()
in the context of JavaScript.