Oliver Hader
... and for tags having all (invalid) attributes removed, e.g. `` → ``
There was a similar report for `phpstan/phpstan` at https://github.com/phpstan/phpstan/issues/6562 (just for the SA records)
This is how it looks using `@psalm-taint-specialize` (but still, it's not feasible to adjust and manipulate each class in a particular project). https://psalm.dev/r/a3bf6ed8c6
And this is how it would look like in framework-land, having builder, factories, facades triggering object instantiation. It seems all invocations have to use `@psalm-taint-specialize`. https://psalm.dev/r/458f429c05
Can test it tomorrow. I'm not sure whether `bs-content` was different there, due to BS5
Can be reproduced by using a sub-reference to a variable that is not defined in a Fluid template, e.g. `{{someUndefinedVariable}}`
Core issue is solved now, anyway this package should ensure type-safety
Hm... I think I misinterpreted `bypassAccessCheckForRecords` and `isImporting`...
seems like https://docs.cryptpad.fr/en/admin_guide/customization.html#restricting-guest-access, by extending `customize/application_config.js` with the following assignment solved for me: ```js AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes; ```
... the assignment above also disables the possibility to share read-only documents to "the public". Did not find anything else for disabling anonymous write-access, but keeping the ability to still...