--- wysiwyg_filter.module 2009-01-23 20:23:55.000000000 +0100
+++ wysiwyg_filter.module 2009-01-23 20:39:07.000000000 +0100
@@ -713,9 +713,6 @@ function _wysiwyg_filter_xss_attributes(
 continue;
 }
- // Filter property value for bad protocols (note that property value has already been decoded).
- $property_value = wysiwyg_filter_xss_bad_protocol($property_value);
-
 // Check style property syntax.
 if (!preg_match($allowed_properties[$property_name], $property_value)) {
 // Ignore property if value does not match syntax rules.
@@ -748,6 +745,11 @@ function _wysiwyg_filter_xss_attributes(
 // http://www.w3.org/TR/CSS2/syndata.html#uri
 $url = preg_replace('`\\\\([(),\'"\s])`', '\1', $url[1]);
+ // Ignore property if it fails the check for bad protocols.
+ if (wysiwyg_filter_xss_bad_protocol($url) != $url) {
+ continue;
+ }
+
 // Check URL against advanced filter rules.
 $match_found = FALSE;
 foreach ($allowed_style_urls as $regexp) {
@@ -761,6 +763,10 @@ function _wysiwyg_filter_xss_attributes(
 continue;
 }
 }
+ else {
+ // Filter property value for bad protocols (note that property value has already been decoded).
+ $property_value = wysiwyg_filter_xss_bad_protocol($property_value);
+ }
 // Sanitized property name and value (check_plain'd here).
 $sanitized_properties[] = $property_name .':'. check_plain($property_value);
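Review bot: The new guard `if (wysiwyg_filter_xss_bad_protocol($url) != $url)` relies on loose comparison, where two numeric-looking strings are compared as numbers; the intent is "the helper changed the string", which `if (wysiwyg_filter_xss_bad_protocol($url) !== $url) {` states exactly. The check runs on `$url`, the backslash-unescaped copy produced on the line above, while the value that later reaches `$sanitized_properties` is the untouched `$property_value`, so what is validated and what is emitted differ by exactly those removed escapes — that invariant deserves a comment where `$url` is built, e.g. `// $url is a decoded copy used only for validation; $property_value (still escaped) is what gets emitted.` That unescape only strips a backslash before the punctuation in its character class, so other CSS escape forms reach the protocol check undecoded; whether the `$allowed_style_urls` patterns close that gap cannot be judged from the hunk. If wysiwyg_filter_xss_bad_protocol, like Drupal's filter_xss_bad_protocol, also entity-encodes its result, any URL containing `&` or a quote will compare unequal and be silently dropped even with an allowed scheme — worth confirming against the helper, which is outside this diff. The enclosing branch and _wysiwyg_filter_xss_attributes continue outside the hunk.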
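Review bot: The two paths now treat a flagged value differently: the URL path (previous hunk) drops the whole property when wysiwyg_filter_xss_bad_protocol() alters `$url`, while this `else` keeps the property with whatever the helper rewrote `$property_value` into, and the moved comment does not say why in-place rewriting is acceptable here but not there. If the asymmetry is intended, say so where the else opens, e.g. `// Non-URL values: strip bad protocols in place (the URL path above rejects instead).`; if it is not, `if (wysiwyg_filter_xss_bad_protocol($property_value) !== $property_value) { continue; }` makes both paths reject rather than emit an altered value. The `if` this `else` pairs with opens before the hunk, so its exact condition is inferred from the surrounding lines rather than visible here.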