David.Writes("<Code>");

Don't mind me… just here to take over the world…

January, 2012

Drupal XSS filtering removes unrecognized tags

So I just installed Drupal 7.10 and am playing around with it a bit. I changed my site name to david->writes('<drupal>');. What I got was david->writes('');. I got the same thing when trying to post this message to the Drupal forums, as I figured I might. So I manually escaped it. I figured the validation was removing […]