By capmex on
I found the limited subset of HTML elements allowed in the mission statement field very restrictive. According to the function 'filter_xss' the only allowed elements are:
'a', 'em', 'strong', 'cite', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'
I was using 'h1', 'h2' and 'img'. Do they pose a threat regarding XSS injection?
Comments
I too think this is a bit too
I too think this is a bit too restrictive for mission since it's the admin who will enter it and not some random user.
I use a PHPTemplate theme and have removed the filter_xss() for mission in phptemplate.engine, line 146.
img
img can present threats, so can a. The other limitations of the list of accepted tags are because they are provided mostly as examples.
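An added example, not part of the thread and not Drupal's filter_xss code: a small Python allowlist filter showing that widening the tag list to 'h1', 'h2' and 'img' stays safe only when attributes and URL schemes on 'img' and 'a' are filtered too. The attribute list, scheme list and sample inputs are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Tag list quoted in the thread, plus the three tags the poster wanted.
ALLOWED_TAGS = {"a", "em", "strong", "cite", "code", "ul", "ol", "li",
                "dl", "dt", "dd", "h1", "h2", "img"}
# Assumption: only these attributes survive; event handlers, style, etc. are dropped.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: schemes worth keeping


def safe_url(value):
    """Accept relative URLs and URLs whose scheme is on the allowlist."""
    # Drop whitespace and control characters that browsers ignore in a scheme.
    cleaned = "".join(c for c in value if c > " ")
    head = cleaned.split("/")[0].split("?")[0].split("#")[0]
    if ":" not in head:
        return True  # no scheme before the path: relative URL
    return head.split(":")[0].lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its text is still emitted, escaped
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue
            if name in ("href", "src") and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "img":  # img has no closing tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```
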
Just an update, in the
Just an update, in the latest stable version of Drupal 4.7 more tags are allowed.
--
Webmaster Resources | Canadian Directory