Attention

TYPO3 v9 has reached its end-of-life September 30th, 2021 and is not maintained by the community anymore. Looking for a stable version? Use the version switch on the top left.

You can order Extended Long Term Support (ELTS) here: TYPO3 ELTS.

sanitize.html

Passes a given content through typo3/html-sanitizer to mitigate potential cross-site scripting occurrences. Given default build corresponds to class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder declaring allowed HTML tags, attributes and their values.

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>

Output:

<img src="/img.png" class="image">

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Arguments

build

DataType

string

Default

'default'

Required

false

Description

Preset name or class-like name of sanitization builder