In updating one of my sites from 4.6 to 5.x, I discovered that CSS styles were disappearing from my HTML prior to display of my site mission. After an hour or so of spinning my wheels, I discovered that beginning with the upgrade to 4.7, the $mission and $footer_message variables have been changed so that they now run through the filter_xss_admin() function.

There are ways to work around this limitation, of course, but I don't understand why $mission needs to be filtered in this fashion. The only way to change the $mission variable is through admin/settings, and I find it hard to image a real-world scenario where website administrators cannot be trusted to put whatever they want into the $mission variable.

Comments

ryanrain’s picture

ryanrain commented

same scenario here. i'd like to echo sheldon's recommendation.

dvessel’s picture

dvessel commented
Status: Active » Closed (works as designed)

See http://api.drupal.org/api/function/filter_xss_admin/5

The tags it allows are reasonable. If you need to go beyond that then you might as well work around it through your theme.