I run a shoutbox on my website, and someone tried to post part of the Declaration of Independence, but I got a security alert for XSS tag stripping. I can't see what's wrong with the post. How would I fix this so a post like this is allowed?
Here's the text:
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. –That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, –That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its fou
Here's the log title: Tags stripped from string (possible XSS attack) :[POST:jjshout]
I have just downloaded the attachment and removed it.
After analysing it I don't see the pattern, but you can be fully sure there are HTML or PHP tags in the field. I'm going to download the extension to do some tests, but meanwhile you can add the component involved (com_ajax) as an exception in the XSS filter.