After updating to 7.x-1.4 the Log In Text and the Password Reset Title are not accepting HTML code.

Comments

nnason created an issue. See original summary.

3cwebdev’s picture

3cwebdev commented

There was a recent XSS security issue reported with this module and the team has supplied a patch to resolve it. It sounds like the patch removed the ability to post HTML into the admin settings fields.

It may take some time to be able to look into this and find a solution that allows HTML and meets the security requirements.

3cwebdev’s picture

3cwebdev commented
Assigned: Unassigned » 3cwebdev

  • 3CWebDev committed 4e54bb6 on 7.x-1.x 
    Issue #3089219: HTML not working in Log In Text
3cwebdev’s picture

3cwebdev commented

A fix has been added to the DEV version of the 7x branch to re-allow filtered HTML in the admin text fields. Please test.

nnason’s picture

nnason commented

It's still not accepting the CSS styling from my theme when I disable the option to turn the module's CSS style sheet.

For example, <h2 class="heading-primary">Login Page</h2>, only shows "Login Page" with no styling. Some straight HTML code does seem to work like strong or em, but h1 or h2 by itself does not.

3cwebdev’s picture

3cwebdev commented

For security purposes we are using Drupal's filter_xss() function which limits the tags allow. More information can be found here: https://api.drupal.org/api/drupal/includes%21common.inc/function/filter_...

If you need special styling outside of the tags I suggest you try to target the elements form within your custom CSS style sheet.

3cwebdev’s picture

3cwebdev commented
Status: Active » Closed (works as designed)