On Tue, 9 Nov 2004 02:47:11 +0900, James Britt
<jamesunderbarb / neurogami.com> wrote:
> I added logging to my copy so that I could see what was being clobbered
> during sanitization. Might be worth including this by default.

Err, I can't throw Ruby dumps on unsuspecting Wiki users: my problem
is not just to find the cause, but also to report it nicely.

> I see that 'script' elements are deleted, as the yaml file makes no
> mention of that element.

Right, that was on purpose.

Btw, I've noticed that this script doesn't completely filter out things like:

<IMG width="0" height="0" style="bac\kground:
ur\l(javascript:alert('boop'));" />

...although it cripples it a bit by escaping quotes. I don't want to
remove "style" attributes; is there any easy way around parsing CSS?

-- 
Dmitry Borodaenko
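
Added example, not part of the message above or of the sanitizer script it discusses: one way to keep "style" attributes without a full CSS parser is to decode CSS backslash escapes first, then keep only declarations whose property is on an allowlist and whose value contains no characters that could form `url(...)` or a scheme. The names `SAFE_PROPERTIES`, `SAFE_VALUE`, `decode_css_escapes` and `sanitize_style` and the allowlist contents are assumptions made for this sketch.

```ruby
# Added example (not from the thread). Allowlist contents are hypothetical;
# a real wiki would tune them.
SAFE_PROPERTIES = %w[color background-color font-weight font-style text-align
                     text-decoration width height margin padding].freeze

# A value may contain only characters that cannot build url(...), expression(...)
# or a scheme: no parentheses, colons, backslashes, quotes or slashes.
SAFE_VALUE = /\A[a-z0-9#%., +-]+\z/

# Decode CSS escapes so obfuscated names are compared in canonical form.
# "\" + 1-6 hex digits (+ one optional whitespace) is a code point;
# "\" + any other character is that character ("bac\kground" -> "background").
def decode_css_escapes(css)
  css.gsub(/\\(?:([0-9a-fA-F]{1,6})\s?|(.))/m) do
    if $1
      cp = $1.hex
      invalid = cp.zero? || cp > 0x10FFFF || (0xD800..0xDFFF).cover?(cp)
      invalid ? "\uFFFD" : [cp].pack('U')
    else
      $2
    end
  end
end

# Return a rebuilt style string containing only allowlisted declarations.
# Anything not understood (comments, functions, unknown properties) is dropped.
def sanitize_style(style)
  kept = decode_css_escapes(style).split(';').map do |decl|
    prop, value = decl.split(':', 2).map { |s| s.strip.downcase }
    next unless SAFE_PROPERTIES.include?(prop) && SAFE_VALUE.match?(value.to_s)
    "#{prop}: #{value}"
  end
  kept.compact.join('; ')
end

# Constructed sample: the style value quoted in the message above.
sample = "bac\\kground:\nur\\l(javascript:alert('boop'));"
puts sanitize_style(sample).inspect
puts sanitize_style("color: red; font-weight: bold").inspect
```

Because the output is rebuilt from the decoded, allowlisted parts rather than passed through, any escape sequences in the input never reach the page.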