[drupal-devel] Question on valid_input_data()

K B kbahey at gmail.com
Sun May 8 03:13:39 UTC 2005


In 4.6 includes/common.inc, in the function valid_input_data(), there
is a check for various entities. Among these entities, there is a
check for "style".

http://drupaldocs.org/api/4.6/function/valid_input_data

I use the banner module with text ads, and I use things like:

<div style="some-style-definitions">some text</div>

This check causes the above to be flagged as a security breach attempt
and is logged to the watchdog as such.

http://drupal.org/node/20608#comment-29106

My question is: Can the "style" element be used in malicious attacks?
If yes, then how?

Thanks in advance.


