Sanitize.html ViewHelper `<f:sanitize.html>`

ViewHelper to pass a given content through typo3/html-sanitizer to mitigate potential cross-site scripting occurrences. The build option by default uses the class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder, which declares allowed HTML tags, attributes and their values.

Go to the source code of this ViewHelper: Sanitize\HtmlViewHelper.php (GitHub).

Arguments

The following arguments are available for the sanitize.html ViewHelper:

build

Type: string
Default: 'default'

preset name or class-like name of sanitization builder

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>

Output:

<img src="/img.png" class="image">

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Sanitize.html ViewHelper <f:sanitize.html>

Arguments

build

Examples

Default parameters

Inline notation

Sanitize.html ViewHelper `<f:sanitize.html>`