Deprecation: #76164 - Deprecate RemoveXSS

See forge#76164

Description

Due to the wrong approach of RemoveXSS it is not 100% secure and does not keep its promise. The following methods have been marked as deprecated:

  • \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS()
  • \RemoveXSS::process()
  • \TYPO3\CMS\Form\Domain\Filter\RemoveXssFilter

Impact

Using the mentioned methods will trigger a deprecation log entry.

Affected Installations

Instances that use any of these methods.

Migration

Implement a proper encoding by yourself. Use htmlspecialchars() in the context of HTML or GeneralUtility::quoteJSvalue() in the context of JavaScript.