[development] How to control HTML user input preserving the "style" attributes?

Konstantin Käfer kkaefer at gmail.com
Mon Oct 23 17:13:15 UTC 2006

> I believe filter.module does that for security reasons.

The reason why filter.module removes style tags is simple: some dumb  
browsers allow JavaScript inside stylesheets, for example "font- 
size:expression(prompt('Enter a font name:', 'Arial'));". Using that  
you could execute potentially harmful JavaScript code that allows for  

Konstantin Käfer – http://kkaefer.com/

More information about the development mailing list