Attention

TYPO3 v10 has reached end-of-life as of April 30th 2023 and is no longer being maintained.

Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v10 here: TYPO3 ELTS.

sanitize.html

Passes the given content through typo3/html-sanitizer to mitigate potential cross-site scripting. The default build corresponds to the class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder, which declares the allowed HTML tags, attributes and their values.

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>

Output:

<img src="/img.png" class="image">

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Arguments

build

DataType: string

Default: 'default'

Required: false

Description: Preset name or class-like name of sanitization builder
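
Besides the 'default' preset, build accepts a class-like name. The following is an added example, not part of the original documentation: a custom builder that keeps the default allow-list and adds a single element. The namespace MyVendor\MyExtension\Html, the class TeaserSanitizerBuilder and the tag my-element are hypothetical, and the overridden createBehavior() method and the Behavior, Tag, Attr and RegExpAttrValue classes are assumed to match the typo3/html-sanitizer version installed with your TYPO3 release.

```php
<?php
declare(strict_types=1);

namespace MyVendor\MyExtension\Html; // hypothetical namespace

use TYPO3\CMS\Core\Html\DefaultSanitizerBuilder;
use TYPO3\HtmlSanitizer\Behavior;
use TYPO3\HtmlSanitizer\Behavior\Attr;
use TYPO3\HtmlSanitizer\Behavior\RegExpAttrValue;
use TYPO3\HtmlSanitizer\Behavior\Tag;

/**
 * Hypothetical builder: the default allow-list plus one custom element.
 * Assumes createBehavior() and $globalAttrs are inherited as in
 * typo3/html-sanitizer's CommonBuilder.
 */
class TeaserSanitizerBuilder extends DefaultSanitizerBuilder
{
    protected function createBehavior(): Behavior
    {
        // Extend the default behavior instead of starting from an empty one,
        // so attributes the default build removes (for example onmouseover)
        // are still removed.
        return parent::createBehavior()
            ->withName('teaser')
            ->withTags(
                (new Tag('my-element', Tag::ALLOW_CHILDREN))->addAttrs(
                    // Allow href only with an explicit http(s) or mailto scheme;
                    // values such as javascript: do not match and are dropped.
                    (new Attr('href'))->addValues(
                        new RegExpAttrValue('#^(?:https?://|mailto:)#')
                    ),
                    // Attributes the default build allows on every tag
                    ...$this->globalAttrs
                )
            );
    }
}

// Fluid usage, passing the class-like name as the build argument:
// <f:sanitize.html build="MyVendor\MyExtension\Html\TeaserSanitizerBuilder">
//   {richTextFieldContent}
// </f:sanitize.html>
```

Keep custom builders additive and narrow: every tag, attribute or value pattern added here widens what reaches the browser unescaped.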