The current revision doesn't allow you have quotes in the inline css for
example the quotes in the following inline css will be converted to
font-family: "Times New Roman";
On Thu, Jul 31, 2008 at 4:58 PM, Aran
I'm not sure about the exploit side of
things, but what I do know is
that if you add the htmlspecialchars then it breaks the functionality
because it converts quotes etc in the inline CSS into entities, so it
really needs to be removed.
Even if the CDATA declaration isn't there?
Wikitech-l mailing list