Enabling XSS attack on Drupal results in 403

Discussion in 'Install/Configuration' started by csdco, Jun 28, 2011.

  1. csdco

    csdco Member

    The XSS attack Request Filter seems to think any AHAH Framework JavaScript callback is an XSS attack. I had to disable this filter completely to allow forms with file uploads on them to submit without getting a 403.

    Is this a big concern? Drupal has a lot of built in XSS filtering to handle form submission and the like, but I'm curious if there is anything in the raw JS from user-to-server that I should be thinking about.

Share This Page