When the escape hole in the Drupal.checkPlain function was closed in Drupal 6.1, the fix was not committed to Drupal 7.x. The patch is located at http://cvs.drupal.org/viewvc.py/drupal/drupal/misc/drupal.js?view=patch&....

Comments

kkaefer’s picture

kkaefer commented
Status: Reviewed & tested by the community » Fixed

This has been fixed in http://drupal.org/cvs?commit=107206.

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.