Typo3 - own viewhelper escapes HTML in T3 V8

Question

I have a viewhelper which worked well in Typo3 V7.x, but in V8.x its output is not plain html any more, but it's html-encoded.

Simplified viewhelper class:

namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
    public function render ( $html = null ) {
        return "<div><h2>$html</h2></div>"
    }
}

Simplified HTML:

<m:teaserbox><f:cObject typoscriptObjectPath="lib.someHTML"></f:cObject></m:teaserbox>

Output is something like:

&lt;div&gt;&lt;h2&gt;TEST&lt;/h2&gt;&lt;/div&gt;

score 6 · Accepted Answer · answered May 18 '18 at 10:02

Escaping can be turned off by adding protected $escapeOutput = false; to your ViewHelper.

namespace MyName\Teaserbox\ViewHelpers;
class TeaserboxViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper {
    protected $escapeOutput = false;

    public function render ( $html = null ) {
        return "<div><h2>$html</h2></div>"
    }
}

Doing so, you must be aware of, that you need to sanitize user input yourself in order to prevent XSS.

Typo3 - own viewhelper escapes HTML in T3 V8

1 Answers1