In FeedAPI settings I'm only allowing the default tags. When I look at the node in full view the correct tags have been striped. However in teaser view it is allowing all HTML. Any ideas why this might be happening?

Comments

alpinejag’s picture

Category: bug » support

changing category

alex_b’s picture

Priority: Normal » Critical

This is a potential security problem.

alpinejag’s picture

Is it happening to anyone else? This is the first site I have used FeepAPI on so it might just be a fluke with how I set something up. The site isn't live so I haven't been to worried about it but I did think about potential security issues.

aron novak’s picture

Status: Active » Fixed

Fixed for 6.x and 5.x .

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.