Attention
TYPO3 v12 has reached end-of-life as of April 30th 2026 and is no longer being maintained.
Sanitize.html ViewHelper <f:sanitize.html>
Passes the given content through typo3/ to mitigate potential
cross-site scripting occurrences. The default build corresponds to class
TYPO3CMSCore, which declares the allowed HTML tags,
attributes and their values.
Examples
Default parameters
<f:sanitize.html>
<img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>
Output:
<img src="/img.png" class="image">
Inline notation
{richTextFieldContent -> f:sanitize.html(build: 'default')}
Go to the source code of this ViewHelper: Sanitize\HtmlViewHelper.php (GitHub).
Arguments
The following arguments are available for the sanitize.html ViewHelper:
build
- Type: string
- Default: 'default'
Preset name or class-like name of the sanitization builder.