As far as I can tell, the "HTML Filter" is the only filter to perform XSS checking. We should probably pass this message on to our site administrators within the admin interface. Here's a first attempt.
| Comment | File | Size | Author |
|---|---|---|---|
| #7 | filter-desc2.patch | 896 bytes | telcontar |
| | filter-desc.patch | 840 bytes | matt westgate |
Comments
Comment #1
Steven commented: A more accurate description is that "it will also remove harmful content such as JavaScript events, JavaScript URLs and CSS styles from those tags that are not removed." Vague constructs like "attempts to sanitize user input" only cause confusion.
Comment #2
Dries commented: Depends on the target audience. My mother doesn't know what Javascript or CSS is, but she can tell that "sanitizing input" is a good thing.
Comment #3
Dries commented: Looking at this closer, it looks like the message would only be shown to administrators (and not on the content submission page)? If that is the case, Steven's message sounds like the best option. If not, I'd go with Matt's.
Comment #4
matt westgate commented: Dries, you're correct. Only a site administrator will see this message while configuring input formats. I like Steven's wording better than mine.
Comment #5
Dries commented: I guess we need a new patch then. :)
Comment #6
dmitrig01 commented: Love the idea, but it's due for a re-roll.
Comment #7
telcontar commented: Rerolled against HEAD.
Comment #8
Dries commented: Committed to CVS HEAD. Thanks. :)