Sanitize.html ViewHelper <f:sanitize.html>

Passes the given content through typo3/html-sanitizer to mitigate cross-site scripting. The default build corresponds to the class TYPO3\CMS\Core\Html\DefaultSanitizerBuilder, which declares the allowed HTML tags, attributes and attribute values.

Examples

Default parameters

<f:sanitize.html>
  <img src="/img.png" class="image" onmouseover="alert(document.location)">
</f:sanitize.html>

Output:

<img src="/img.png" class="image">

Inline notation

{richTextFieldContent -> f:sanitize.html(build: 'default')}

Source code

Go to the source code of this ViewHelper: HtmlViewHelper.php (GitHub).

Arguments

The following arguments are available for <f:sanitize.html>:

Name    Type     Default
build   string   'default'

build
  Type: string
  Required: true
  Default: 'default'

  Preset name or class-like name of sanitization builder
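
The build argument also accepts a class-like name, so a project can supply its own builder. The following is an added example, not code from TYPO3 or from this ViewHelper's source: it extends the default allowlist with one extra element whose href is limited to http(s) URLs. The namespace Vendor\MyExtension\Html, the class name MyCustomSanitizerBuilder, the behavior name 'my-custom' and the tag name my-element are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical extension namespace and class name, chosen for this example.
namespace Vendor\MyExtension\Html;

use TYPO3\CMS\Core\Html\DefaultSanitizerBuilder;
use TYPO3\HtmlSanitizer\Behavior;

/**
 * Starts from the default allowlist and additionally permits <my-element>.
 * Everything not declared here or in the parent builder is still removed
 * or encoded, including event-handler attributes such as onmouseover.
 */
final class MyCustomSanitizerBuilder extends DefaultSanitizerBuilder
{
    public function createBehavior(): Behavior
    {
        // Constrain the attribute value instead of allowing any string:
        // only absolute http:// or https:// URLs pass, which keeps out
        // javascript: and data: URIs.
        $href = (new Behavior\Attr('href'))
            ->addValues(new Behavior\RegExpAttrValue('#^https?://#'));

        // Behavior is immutable: each with*() call returns a new instance.
        return parent::createBehavior()
            ->withName('my-custom')
            ->withTags(
                (new Behavior\Tag('my-element', Behavior\Tag::ALLOW_CHILDREN))
                    ->addAttrs($href, ...$this->globalAttrs)
            );
    }
}

// Usage in a Fluid template (tag notation):
//
//   <f:sanitize.html build="Vendor\MyExtension\Html\MyCustomSanitizerBuilder">
//     {richTextFieldContent}
//   </f:sanitize.html>
//
// Usage in a Fluid template (inline notation):
//
//   {richTextFieldContent -> f:sanitize.html(build: 'Vendor\\MyExtension\\Html\\MyCustomSanitizerBuilder')}
```

Every tag or attribute added this way widens what reaches the browser, so keep additions narrow and constrain attribute values as shown for href.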