? modr8-actions-310723-2.patch
? modr8_coder-313907.patch
? more-modr8-cleanup-313907-5.patch
? nested-forms-modr8-355830-5.patch
? response-form-319073-5.patch
? response-form-319073-6.patch
? response-form-319073-6x-fu.patch
Index: modr8_admin.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/modr8/modr8_admin.inc,v
retrieving revision 1.24
diff -u -p -r1.24 modr8_admin.inc
--- modr8_admin.inc	20 Oct 2008 22:44:52 -0000	1.24
+++ modr8_admin.inc	22 Jan 2009 02:30:57 -0000
@@ -311,7 +311,9 @@ function theme_modr8_form(&$form) {
         'data' => drupal_render($form[$key]['ops']) . $note_field,
         'style' => 'vertical-align:top;'
       );
-      $preview = $form[$key]['preview']['#value'];
+      // Apply extra filtering to insure we don't have nested form elements,
+      // unexpected script, etc.
+      $preview = filter_xss_admin($form[$key]['preview']['#value']);
 
       if (!empty($form[$key]['log_link']['#value'])) {
         $preview .= '<div><em>'. drupal_render($form[$key]['log_link']) .'</em></div>';
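Review bot: The comment above the new `filter_xss_admin()` call should state where the preview markup comes from, and "insure" should read "ensure", because the choice of filter depends on that origin. `filter_xss_admin()` is Drupal's permissive tag whitelist, intended for text entered by administrators, while a moderation preview is presumably built from content submitted by users who are not yet trusted. If the value has not already been run through the node's input format upstream (not visible in this hunk), the stricter `filter_xss()` or `check_markup()` would be the safer choice. The moderator now sees a sanitized preview, so markup stripped here may still be in the stored content and has to be filtered again wherever the node is rendered after approval. Suggested comment: `// Preview is user-submitted content rendered inside the moderation form; filter it to ensure no nested form elements or script reach this admin page.` The body of theme_modr8_form() starts and ends outside the hunk.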
