Securing user input
Drupal's Input Formats provide a variety of benefits. They can be used to enhance the functionality of your site, but one of their main purposes is to ensure that content submitted to your site is safe for its visitors. For example, if you allowed anonymous commenting with the "Full HTML" input format, a visitor could post an inappropriate image, or malicious JavaScript that runs in the browser of whoever views the comment (including you, logged in as administrator) and could, for instance, change your password on the site.
The default input format configuration and permissions are safe. There are a few things you may change that can make them unsafe:
- Adding tags to input filters: be especially careful about which roles are allowed to use the SCRIPT, IMG, IFRAME, EMBED, OBJECT, INPUT, LINK, STYLE, META, FRAMESET, DIV, SPAN, BASE, TABLE, TR and TD tags.
- Re-arranging the order of filters: especially for untrusted users (anonymous, or low-level roles), the HTML Filter should run last in the set of filters, so that it also checks any markup produced by the filters before it.
- Changing permissions on filters: only allow the advanced tags (item 1 above) and "Full HTML" for registered users you trust.
While it is tempting, especially when using WYSIWYG editors, to enable more tags for anonymous users or to allow them "Full HTML", this makes the site unsafe. It is then only a matter of time and luck until your site is either compromised or used to attack another site.
This page is based on advice from Feedparser.org's HTML sanitization and R-Snake's list of XSS vulnerabilities. If you have ideas about moving tags from one list to another, please read those pages first.
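The two configuration mistakes above (adding tags for untrusted roles, and running the HTML Filter anywhere but last) are easiest to see on a toy model. The following Python is an added example, not Drupal's own code: a small allowlist HTML filter, a stand-in for any filter that generates markup from plain text (a BBCode module, or "Convert URLs into links"), and one anonymous comment run through both filter orders. The allowlists, the BBCode syntax, the hostnames and the comment text are all constructed for illustration and do not correspond to any real Drupal module.

```python
"""Toy model of a Drupal-style input format: an ordered chain of text filters.

Added example, not Drupal's code. The tag allowlists, the BBCode-like filter
and the sample comment are constructed for illustration.
"""
import html
import re
from html.parser import HTMLParser

# Allowlist for an untrusted role ("Filtered HTML"-like): tag -> attributes permitted on it.
# SCRIPT, IMG, IFRAME, OBJECT, EMBED, STYLE, ... from the caution list above are absent on purpose.
FILTERED_HTML = {
    "a": {"href", "title"},
    "em": set(), "strong": set(), "cite": set(), "code": set(),
    "ul": set(), "ol": set(), "li": set(), "p": set(), "br": set(),
}
# The same allowlist with IMG added (risk 1 on the page): acceptable for trusted roles only.
FILTERED_HTML_PLUS_IMG = {**FILTERED_HTML, "img": {"src", "alt"}}

VOID_TAGS = {"br", "img"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_url(value):
    """Relative URLs and a few known schemes pass; javascript:, data:, vbscript: do not.
    Whitespace and control characters are removed first because browsers ignore them
    inside a scheme, so 'java<TAB>script:' would otherwise slip through."""
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    m = re.match(r"^([a-z][a-z0-9+.\-]*):", cleaned)
    return m is None or m.group(1) in SAFE_SCHEMES


class HTMLFilter(HTMLParser):
    """Allowlist filter: keeps permitted tags and attributes, drops every other tag
    (but keeps the text inside it, as Drupal's HTML filter does) and re-escapes all text.
    Comments, doctypes and processing instructions are dropped by the parser's defaults."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)  # entities in text/attributes are decoded for us
        self.allowed = allowed
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return  # tag dropped; its inner text still arrives via handle_data
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in self.allowed[tag]:
                continue  # drops every on* event handler, style=, etc.
            if name in ("href", "src") and not safe_url(value):
                continue  # unsafe scheme: drop the attribute, keep the element
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.allowed and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))  # decoded text is re-escaped on the way out


def html_filter(text, allowed):
    parser = HTMLFilter(allowed)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)


def bbcode_filter(text):
    """Stand-in for any filter that *generates* HTML from plain text (BBCode, Markdown,
    'Convert URLs into links'). Whatever it emits must still pass the HTML filter."""
    text = re.sub(r"\[url=([^\]]+)\](.*?)\[/url\]", r'<a href="\1">\2</a>', text)
    text = re.sub(r"\[img\]([^\[]+)\[/img\]", r'<img src="\1">', text)
    return text


def run_format(text, filters):
    """An input format is just its filters applied in order."""
    for f in filters:
        text = f(text)
    return text


def filtered_html(text):
    return html_filter(text, FILTERED_HTML)


def filtered_html_plus_img(text):
    return html_filter(text, FILTERED_HTML_PLUS_IMG)


# Constructed anonymous comment carrying the usual payloads (note the tab inside "jav\tascript").
COMMENT = (
    'Nice post! <a href="jav\tascript:alert(document.cookie)" onmouseover="x()">click</a> '
    "<script>steal()</script> [url=javascript:alert(1)]here[/url] "
    "[img]http://evil.example/t.gif[/img] <em>thanks</em>"
)

# Wrong: HTML filter first, then a filter that generates markup the HTML filter never sees.
WRONG_ORDER = [filtered_html, bbcode_filter]
# Right: HTML filter last, so everything the earlier filters produced is checked too.
RIGHT_ORDER = [bbcode_filter, filtered_html]

if __name__ == "__main__":
    for name, chain in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(f"{name}: {run_format(COMMENT, chain)}")
    print("img allowed:", run_format(COMMENT, [bbcode_filter, filtered_html_plus_img]))
```

With the wrong order the output still contains `<a href="javascript:alert(1)">` and an `<img>` pointing at an arbitrary host, because the BBCode filter produced them after the HTML filter had already run; with the right order both are removed. Adding IMG to the allowlist lets the image through even in the right order, which is exactly the "inappropriate image" risk the page describes, so that tag belongs only in formats granted to trusted roles. Drupal's real HTML filter differs in detail; the point modelled here is the ordering and the allowlist.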

Secure WYSIWYG Implementation
Can someone point to more specific guidelines regarding the configuration of WYSIWYG and keeping a site relatively secure?