The secure CMS.
Welcome to Geeklog Thursday, December 12 2013 @ 11:54 PM EST
The following comments are owned by whomever posted them. This site is not responsible for what they say.
// Hack to filter out user-generated CSS attributes
$str = preg_replace( '/style="[^"]+"/', '', $str );
Doh!... that actually only fixes it if the user writes nice clean HTML with no spaces before/after the = sign.
I'm thinking maybe phpfilter should be integrated instead, it still lets images from the main site get loaded (allowing you to disable a page with a 2000x2000 pixel repeating pattern of the site logo) but I've contacted the author about it.
Anyone have other suggestions?