in reply to Re: Re: Re: CGI scripts and NMS
in thread CGI scripts and NMS
Hmm, I would say that the code is *complex*; however, I would not say it is overly *complicated* - bearing in mind what the code is doing, I am sure that everyone is in agreement that whitelist-based HTML filtering is a good thing (unless one is a skript kiddie trying to damage the website, of course :). I have had a couple of hacks at doing the same thing using HTML::Parser and I think that would be just as 'orrible looking :)
The thing here is that there is always going to be a conflict between the didactic aims of NMS and the need to provide secure and robust code - in this case the latter concern has become foremost; on the other hand, we have rejected changes that have seemed overly obfuscated and hopefully implemented the same stuff in a more clear manner.
For myself I am delighted that people are finding security holes in the NMS programs - this is an OPPORTUNITY for us to make the stuff better. For myself I would hate it if the programs were being used by people and the only people who knew there were vulnerabilities were the crackers and skript kiddies. I can't speak for anyone else on the project but I know that I am not omniscient :)
/J\