I was looking at the KB-robots.txt plugin today and I had a thought. (Actually I was rewriting it a bit so to generate a better starting robots.txt file. If anyone wants it, please let me know. It appears that the author is taking some time off.)
It saves the data within the options table so it gets run through the kses security filter.
There’s really not a css editor that’s public because we’re all concerned about running that content through the kses filter.
So way is it that it’s OK for the KB-robots.txt content but not for the CSS content? Granted it;s just a text file but it is headed into the db.
edit: Doubly concerned now as it appears the same checks aren’t being done as like in a post:
I mean I can solve this in two seconds by adding in a filter for the htmlpurifier filter. That’s what we use for the css editor we use.