sanitize.html
Passes a given content through typo3/html-sanitizer
to mitigate potential
cross-site scripting occurrences. Given default
build corresponds to class
TYPO3\CMS\Core\Html\DefaultSanitizerBuilder
declaring allowed HTML tags,
attributes and their values.
Examples
Default parameters
<f:sanitize.html>
<img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>
Output:
<img src="/img.png" class="image">
Inline notation
{richTextFieldContent -> f:sanitize.html(build: 'default')}
Arguments
build
- DataType
string
- Default
'default'
- Required
false
- Description
Preset name or class-like name of sanitization builder