Forgot to mention... the site I have running is using version 2.1.10; I also checked the code in 2.1.11. Version 3.0.0.a2 seems to be using a much smaller set of checks, possibly just disallowing the <script> tag? From edithtml.py, part of def ChangeHTML:
code = re.sub(r'<([/]?script.*?)>', r'&lt;\1&gt;', code)
(2.1.11 has if Utils.suspiciousHTML(code): ...)