http://qs1969.pair.com?node_id=29069


in reply to Javascript and other evil goodies

I'll second the proposal with some reservations. First, a good definition of "unsafe tags" needs to be nailed down. I'm not sure what's allowed right now since I haven't submitted a broken post recently, but in theory even a stray </table> tag can cause trouble (anybody ever seen roblimo italicize an entire conversation?). Some of you might remember the CERT advisory on this very issue a few months ago. The range is extreme: obviously links to applets and ActiveX controls are dangerous, but what about malformed tables? Image tags linking to 800KB graphics? Forms?

Also, "higher levels" should be a pretty conservative mark, I'd say around 3-4 at most. That keeps the AM trolls from doing damage without discouraging any newbies trying to post something fancy.