For even greater security, it should use the input format of the node instead of just drupal_eval-ing the thing. This offloads the security of using the PHP input format to the node/input format security system rather than being the responsibility of the person who can administer microsummary.

This could lead to more support requests/confusion so it's probably worth documenting this fairly well.

Comments

greggles

Status: Active » Fixed

Anonymous

Status: Fixed » Closed (fixed)