8 May
2005
8 May
'05
5:13 a.m.
In 4.6 includes/common.inc, in the function valid_input_data(), there is a check for various entities. Among these entities, there is a check for "style". http://drupaldocs.org/api/4.6/function/valid_input_data I use the banner module with text ads, and I use things like: <div style="some-style-definitions">some text</div> This check causes the above to be flagged as a security breach attempt and is logged to the watchdog as such. http://drupal.org/node/20608#comment-29106 My question is: Can the "style" element be used in malicious attacks? If yes, then how? Thanks in advance.