Attention

TYPO3 v11 has reached end-of-life as of October 31th 2024 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.

Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v11 here: TYPO3 ELTS.

Sanitize.html ViewHelper `<f:sanitize.html>`

Passes a given content through typo3/html-sanitizer to mitigate potential cross-site scripting occurrences. Given default build corresponds to class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder declaring allowed HTML tags, attributes and their values.

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>

Output:

<img src="/img.png" class="image">

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Source code

Go to the source code of this ViewHelper: HtmlViewHelper.php (GitHub).

Arguments

The following arguments are available for <f:sanitize.html>:

Name	Type	Default
build	string	`'default'`

build

Type: string
Default: 'default'

Preset name or class-like name of sanitization builder

Sanitize.html ViewHelper <f:sanitize.html>