sanitize.html ViewHelper <f:sanitize.html>

Passes a given content through typo3/html-sanitizer to mitigate potential cross-site scripting occurrences. Given default build corresponds to class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder declaring allowed HTML tags, attributes and their values.

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>
Copied!

Output:

<img src="/img.png" class="image">
Copied!

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Copied!

Arguments

build

DataType
string
Default
'default'
Required
false
Description
Preset name or class-like name of sanitization builder