[drupal-devel] Question on valid_input_data()
K B
kbahey at gmail.com
Sun May 8 11:34:38 UTC 2005
On 5/8/05, Dries Buytaert <dries at buytaert.net> wrote:
>
> On 08 May 2005, at 05:41, K B wrote:
>
> > Actually, after some more tracing, the style element was the not the
> > culprit. It was the on[a-z]+ regexp. I think this filters the
> > javascript on* events.
> >
> > If I have banners that rely on using onclick to redirect to an ad
> > serving page/script, and these are being blocked by Drupal, what can
> > be done about them?
>
> You can check the 'bypass input data check' permission.
Since this problem occurs with the banner module when it runs its cron
function, it is run under anonymous. Hence it is not an option to
change the permissions, since it will open more security holes that
way.
More information about the drupal-devel
mailing list