jrenggli · August 11, 2016 16:26
diff --git a/FormatCdataViewHelper.php b/FormatCdataViewHelper.php
 <?php
 namespace Swisscom\Finapp\ViewHelpers;

 // Credits: https://git.typo3.org/Packages/TYPO3.CMS.git/blob_plain/HEAD:/typo3/sysext/fluid/Classes/ViewHelpers/Format/CdataViewHelper.php
 // Extended with functionality to only wrap if CDATA is necessary.
 // See $predeclaredCharacters

 	/*                                                                        *
 	 * This script is backported from the TYPO3 Flow package "TYPO3.Fluid".   *
 	 *                                                                        *
 	 * It is free software; you can redistribute it and/or modify it under    *
 	 * the terms of the GNU Lesser General Public License, either version 3   *
 	 *  of the License, or (at your option) any later version.                *
 	 *                                                                        *
 	 * The TYPO3 project - inspiring people to share!                         *
 	 *                                                                        */

 use TYPO3\Fluid\Core\ViewHelper\AbstractViewHelper;

 /**
 * Outputs an argument/value without any escaping and wraps it with CDATA tags
 * if necessary.
 *
 * PAY SPECIAL ATTENTION TO SECURITY HERE (especially Cross Site Scripting),
 * as the output is NOT SANITIZED!
 *
 * = Examples =
 *
 * <code title="Child nodes">
 * <my:formatCdata>{string}</my:formatCdata>
 * </code>
 * <output>
 * <![CDATA[(Content of {string} without any conversion/escaping)]]>
 * </output>
 *
 * <code title="Value attribute">
 * <my:formatCdata value="{string}" />
 * </code>
 * <output>
 * <![CDATA[(Content of {string} without any conversion/escaping)]]>
 * </output>
 *
 * <code title="Inline notation">
 * {string -> my:formatCdata()}
 * </code>
 * <output>
 * <![CDATA[(Content of {string} without any conversion/escaping)]]>
 * </output>
 *
 * @api
 */
 class FormatCdataViewHelper extends AbstractViewHelper {

 	/**
 	 * Disable the escaping interceptor because otherwise the child nodes would be escaped before this view helper
 	 * can decode the text's entities.
 	 *
 	 * @var bool
 	 */
 	protected $escapingInterceptorEnabled = FALSE;

 	/**
 	 * Predeclared characters according to XML specification
 	 * http://xml.silmaril.ie/specials.html
 	 *
 	 * @var array
 	 */
 	protected $predeclaredCharacters = array ('&', '<', '>', '"', "'");

 	/**
 	 * @param mixed $value The value to output
 	 * @return string
 	 */
 	public function render($value = NULL) {
 		if ($value === NULL) {
 			$value = $this->renderChildren();
 		}

 		foreach ($this->predeclaredCharacters as $c) {
 			if (stripos($value, $c) !== false) {
 				return sprintf('<![CDATA[%s]]>', $value);
 			}
 		}

 		return $value;
 	}
 }
	<?php
	namespace Swisscom\Finapp\ViewHelpers;

	// Credits: https://git.typo3.org/Packages/TYPO3.CMS.git/blob_plain/HEAD:/typo3/sysext/fluid/Classes/ViewHelpers/Format/CdataViewHelper.php
	// Extended with functionality to only wrap if CDATA is necessary.
	// See $predeclaredCharacters

	/* *
	* This script is backported from the TYPO3 Flow package "TYPO3.Fluid". *
	* *
	* It is free software; you can redistribute it and/or modify it under *
	* the terms of the GNU Lesser General Public License, either version 3 *
	* of the License, or (at your option) any later version. *
	* *
	* The TYPO3 project - inspiring people to share! *
	* */

	use TYPO3\Fluid\Core\ViewHelper\AbstractViewHelper;

	/**
	* Outputs an argument/value without any escaping and wraps it with CDATA tags
	* if necessary.
	*
	* PAY SPECIAL ATTENTION TO SECURITY HERE (especially Cross Site Scripting),
	* as the output is NOT SANITIZED!
	*
	* = Examples =
	*
	* <code title="Child nodes">
	* <my:formatCdata>{string}</my:formatCdata>
	* </code>
	* <output>
	* <![CDATA[(Content of {string} without any conversion/escaping)]]>
	* </output>
	*
	* <code title="Value attribute">
	* <my:formatCdata value="{string}" />
	* </code>
	* <output>
	* <![CDATA[(Content of {string} without any conversion/escaping)]]>
	* </output>
	*
	* <code title="Inline notation">
	* {string -> my:formatCdata()}
	* </code>
	* <output>
	* <![CDATA[(Content of {string} without any conversion/escaping)]]>
	* </output>
	*
	* @api
	*/
	class FormatCdataViewHelper extends AbstractViewHelper {

	/**
	* Disable the escaping interceptor because otherwise the child nodes would be escaped before this view helper
	* can decode the text's entities.
	*
	* @var bool
	*/
	protected $escapingInterceptorEnabled = FALSE;

	/**
	* Predeclared characters according to XML specification
	* http://xml.silmaril.ie/specials.html
	*
	* @var array
	*/
	protected $predeclaredCharacters = array ('&', '<', '>', '"', "'");

	/**
	* @param mixed $value The value to output
	* @return string
	*/
	public function render($value = NULL) {
	if ($value === NULL) {
	$value = $this->renderChildren();
	}

	foreach ($this->predeclaredCharacters as $c) {
	if (stripos($value, $c) !== false) {
	return sprintf('<![CDATA[%s]]>', $value);
	}
	}

	return $value;
	}
	}