Slashdot|MS Security: On A Path As Clear As It Is Reliable pointed me to Expert hacks Hotmail in 1 line of code which in turn pointed me here, which reveals that STYLE tags in netscape will execute the stuff enclosed in style tags as javascript, if the TYPE attribute of the style tag is "application/x-javascript".

Your code: 56: $str=~s/<script[^>]*>.*?<\/script[^>]*>//igs if $$USER{jsoff};

My addition (you're welcome to improve):

#!/usr/bin/perl -w
use strict;

my $string = q|<STYLE TYPE="application/x-javascript" Language='Englis
+h' TYPE="application/x-javascript">|;
printf "%s\n", $string;

$string =~ s¡<STYLE\s([^>]*)>¡
          {
            my $trt = $1;
#            $trt =~ s!type=\S+?(\s|"|')!TYPE="text/css"!igs;
            $trt =~ s!type=\S+?[ '"]!TYPE="text/css"!igs;
            qq(<STYLE $trt>)
          }¡eigsx;

printf "%s\n", $string;
[download]

update: a slightly smarter version

#!/usr/bin/perl -w
use strict;

my $string = q|<STYLE TYPE="application/x-javascript" Language='Englis
+h' TYPE="application/x-javascript">|;
printf "%s\n", $string;

$string =~ s¡<STYLE\s([^>]*>)¡
          {
            my $trt = $1;
#            $trt =~ s!type=\S+?(\s|"|')!TYPE="text/css"!igs;
            $trt =~ s!type=\S+?[ '">]!TYPE="text/css"!igs;
            $trt .= '>' if substr($trt,-1,1) ne '>';
            qq(<STYLE $trt)
          }¡eigsx;

printf "%s\n", $string;
[download]

Well I thought htmlScreen would take care of it, but you do override the filter

$str.=htmlcode('parselinks','doctext,override');
... in parselinks ...
$text=htmlScreen($text,$APPROVED) unless $overridefilter eq "override"
+;
[download]

 
___crazyinsomniac_______________________________________
Disclaimer: Don't blame. It came from inside the void
perl -e "$q=$_;map({chr unpack qq;H*;,$_}split(q;;,q*H*));print;$q/$q;"