Enabling XSS attack on Drupal results in 403

#1
The XSS attack Request Filter seems to think any AHAH Framework JavaScript callback is an XSS attack. I had to disable this filter completely to allow forms with file uploads on them to submit without getting a 403.

Is this a big concern? Drupal has a lot of built in XSS filtering to handle form submission and the like, but I'm curious if there is anything in the raw JS from user-to-server that I should be thinking about.
 
Top