Current linkVars configuration brakes links on site when ?L= with forged value is added

[agendartobias]

Bug Report

Prerequisites

• [YES] Can you reproduce the problem on TYPO3 v10.4 LTS
• [YES] Can you reproduce the problem on TYPO3 v11.5
• [YES] Did you perform a cursory search to see if your bug or enhancement is already reported?

Description

When forged value is added with ?L (example: test.si/my-subpage/?L=459) parameter on site that runs with bootstrap package module that parameter breaks the a href URLs in HTML source (for example a href for the website logo and other URLs in content elements).

Steps to reproduce

1. Clear cache in TYPO3 (very important)
2. Enter the valid URL of some accessible TYPO3 subpage with additional parameter with some forged value?L=432 (example: test.si/my-subpage/?L=432)
3. Now check the source code, you will see that website logo dont have a href parameter wraped around
4. Now if you check that same subpage with a valid URL (you can do that in different browser) so in our case: test.si/my-subpage/ the site is brokend and dont some a href parameters

I managed to fix this problem with overriding linkVars value that is defined in this file: https://github.com/benjaminkott/bootstrap_package/blob/master/Configuration/TypoScript/setup.typoscript#L467

I override (emptied) it with linkVars >

[gilbertsoft]

Thanks! IIRC this value is superfluous since 9.5 and can be removed like you did.