phpReactor - Cross-Site Scripting via STYLE

["Matthew Murphy" <mattmurphy () kc rr com>]

phpReactor has recently been updated to eliminate several known cross-site
scripting vulnerabilities.  Among these changes was to reduce the tags
allowed in posts, profiles, etc. down to B, I, and FONT.  However, using the
"STYLE" attribute, one can still defeat this:

<b style="expression(alert(document.cookie))">

This won't work on all browsers (IE runs it, though)

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown