diff --git a/NEWS b/NEWS
index 0e787c9e..cc05dada 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 - HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
 - Fixed and revamped broken ConfigForm smoketest
 - Bug with bool/null fields in Printer_ConfigForm fixed
+- Bug with global forbidden attributes fixed
 - Improved error messages for allowed and forbidden HTML elements and attributes
 - Missing (or null) in configdoc documentation restored
 - If DOM throws and exception during parsing with PH5P (occurs in newer versions
diff --git a/TODO b/TODO
index 417d7585..ea330ff6 100644
--- a/TODO
+++ b/TODO
@@ -11,9 +11,6 @@ If no interest is expressed for a feature that may require a considerable amount of effort to implement, it may get endlessly delayed. Do not be afraid to cast your vote for the next feature to be implemented!
- - FINISH THE DRUPAL MODULE!!!
- - Get PH5P working with the latest versions of DOM, which have much more
- stringent error checking procedures. Maybe convert straight to tokens.
 - Figure out what to do with $this->config configuration object calls in the scanner
 - Quick optimizations for empty strings and strings without HTML (make sure
@@ -87,6 +84,8 @@ AutoFormat Optimizations
 - Reduce size of internal data-structures (esp. HTMLDefinition)
 - Combine multiple strategies into a single, single-pass strategy
+ - Get PH5P working with the latest versions of DOM, which have much more
+ stringent error checking procedures. Maybe convert straight to tokens.
 Neat feature related
 ! Factor demo.php into a set of Printer classes, and then create a stub
diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php
index 3310bbc2..d8e22ee9 100644
--- a/library/HTMLPurifier/HTMLDefinition.php
+++ b/library/HTMLPurifier/HTMLDefinition.php
@@ -348,6 +348,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
 }
 }
 }
+ foreach ($forbidden_attributes as $key => $v) {
+ if (strlen($key) < 2) continue;
+ if ($key[0] != '*') continue;
+ if ($key[1] == '.') {
+ trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
+ }
+ }
 }
diff --git a/tests/HTMLPurifier/HTMLDefinitionTest.php b/tests/HTMLPurifier/HTMLDefinitionTest.php
index 35048ab0..a396d100 100644
--- a/tests/HTMLPurifier/HTMLDefinitionTest.php
+++ b/tests/HTMLPurifier/HTMLDefinitionTest.php
@@ -214,6 +214,28 @@ a[href|title]
 $this->assertPurification('Test');
 }
+ function test_ForbiddenAttributes_incorrectGlobalSyntax() {
+ $this->config->set('HTML', 'ForbiddenAttributes', '*.style');
+ $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
+ $this->assertPurification('Test');
+ }
+
+ function assertPurification_ForbiddenAttributes_style() {
+ $this->assertPurification(
+ 'bi',
+ 'bi');
+ }
+
+ function test_ForbiddenAttributes_global() {
+ $this->config->set('HTML', 'ForbiddenAttributes', 'style');
+ $this->assertPurification_ForbiddenAttributes_style();
+ }
+
+ function test_ForbiddenAttributes_globalVerboseFormat() {
+ $this->config->set('HTML', 'ForbiddenAttributes', '*@style');
+ $this->assertPurification_ForbiddenAttributes_style();
+ }
+
 function test_addAttribute() {
 $config = HTMLPurifier_Config::create(array(
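Review bot: The new loop only emits a warning for a `*.attr` key; nothing in the hunk removes or rewrites the entry afterwards, so a misconfigured global forbid presumably stays in `$forbidden_attributes` as an entry that matches no attribute, and the configuration silently forbids less than the operator intended once the warning scrolls by — either drop it with `unset($forbidden_attributes[$key]);` after the `trigger_error` call or state in a comment that the entry is deliberately left in place. The comparisons `$key[0] != '*'` and `$key[1] == '.'` should be `!==` and `===`, and the unused `$v` can go by iterating `array_keys($forbidden_attributes)` instead. A comment above the loop would record the spellings the tests rely on: `// Global forbidden attributes are spelled attr or *@attr; the *.attr form is rejected with a warning`. The enclosing method begins before this hunk, so whether `$forbidden_attributes` is consulted again after the loop cannot be confirmed from here.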
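Review bot: `assertPurification_ForbiddenAttributes_style` passes the same literal `'bi'` as both the input and the expected output, so as shown the helper cannot demonstrate that a `style` attribute is stripped; this is probably markup lost in the rendering of this listing, but if the two arguments really are identical the three global-forbid tests pass without the forbidden attribute ever being present and should be fixed to use an input that carries `style`. The helper would benefit from a one-line docblock such as `/** Shared check: a global ForbiddenAttributes entry must strip style from every element. */` so its role next to the `test_*` methods is clear. The message passed to `expectError` in `test_ForbiddenAttributes_incorrectGlobalSyntax` duplicates the `trigger_error` text in HTMLDefinition.php verbatim; a comment noting that the two must be kept in sync would save the next maintainer a failing test.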