13 Mar 2007, 1:52 a.m.
On 3/12/07, Karoly Negyesi <karoly@negyesi.net> wrote:
Regarding security, those who use such a module might be inclined to relax the tight security of filtered HTML to allow fancy features of the editor, and there it goes. Indeed, what you see is what you get, even if it's XSS.
As for XSS, there is an HTML Purifier (http://hp.jpsband.org/) module for Drupal being developed outside of drupal.org, worth checking out: http://bart.motd.be/projects/html-purifier-drupal-module