Inside TYPO3

< 3.10.5. Notice!  Table Of Content 3.10.7. Security reports >

3.10.6. XSS (Cross Site Scripting)

TYPO3 has not been thoroughly screened for XSS bugs. However the general coding style of TYPO3 has always implemented htmlspecialchars() and strip_tags() where necessary so the state in regard to XSS should be fairly sound. We also include guidelines for preventing XSS bugs in the official Coding Guidelines.

If you have found XSS bugs or generally want to help out by testing or offering expertise on the matter, please let us know.

To top


Valid XHTML 1.0!