Oliver Hader
### Current behavior I received a CSP violation with a script sample like `{"@context":"https://schema.org/","@grap`, which refers back to the JSON-LD schema integration. The tag is correctly embedded as `` and...
Add Sanitizer deprecations again, that have been disabled in issue #99, PR #100 (after v2.1.0 release).
Example (uses preset declaring `` and applies it): ```php use TYPO3\HtmlSanitizer\Behavior; use TYPO3\HtmlSanitizer\Builder\Preset\IframePreset; $behavior = (new Behavior()) ->withFlags(Behavior::ENCODE_INVALID_TAG | Behavior::REMOVE_UNEXPECTED_CHILDREN) ->withName('scenario-test') ->withPreset(new IframePreset()); ``` Related: #91
The name `ReplaceDomNodeException` reflects better what it actually does. Besides that, class alias has to be added for backward compatibility.
```php use TYPO3\HtmlSanitizer\Behavior; use TYPO3\HtmlSanitizer\Builder\Preset\IframePreset; $behavior = (new Behavior()) ->withFlags(Behavior::ENCODE_INVALID_TAG | Behavior::REMOVE_UNEXPECTED_CHILDREN) ->withName('scenario-test') ->withPreset(new IframePreset()); ```
To keep track of using deprecated markup, tags, attributes, a new flag shall be introduced that reflects this `deprecated` state. Valid for these objects: * `Behavior\Tag` * `Behavior\Attr`
see https://github.com/tgalopin/html-sanitizer/blob/master/src/Sanitizer/StringSanitizerTrait.php#L19-L37 * probably integrate as well (source uses MIT license) * see https://github.com/tgalopin/html-sanitizer/pull/6 * credit https://github.com/tgalopin
https://github.com/TYPO3/TYPO3.CMS.BaseDistribution/blob/v13.0.2/composer.json#L17 → Doctrine DBAL v4.0.0 (stable) has been released → https://github.com/doctrine/dbal/releases/tag/4.0.0
This requires some refactoring of server-side `ComposerPackagesService` and client-side `composerHelper.js`, e.g. ```php 'typo3/minimal' => [ 'typo3/cms-backend' => true, 'typo3/cms-core' => true, 'typo3/cms-extbase' => true, 'typo3/cms-extensionmanager' => ['versions' => 8, 9,...