On 4/16/05, Florian Gro<florgro / gmail.com> wrote:
> Allowing CSS might appear safe at first, but the major browsers all
> support schemes for behavior binding at the style level and Internet
> Explorer also allows for interpolation of arbitrary JavaScript code via
> expression().

Yup, CSS is a weak spot in my Samizdat::Sanitize: I can parse and
filter XHTML via REXML just fine, but I don't know of any CSS parser
that I could use. Any ideas?

-- 
Dmitry Borodaenko
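
An added example, not part of the original message and not code from Samizdat::Sanitize: without a full CSS parser, an inline `style` value can still be filtered fail-closed with a property allowlist and a strict value pattern, which drops `expression()` and behavior-binding declarations along with anything else unrecognized. The property list, the value pattern and the name `sanitize_style` are assumptions chosen for illustration.

```ruby
# Added example: conservative allowlist filter for inline style="" values.
# The property list below is an assumption; extend it only with properties
# whose values cannot load or execute anything.
ALLOWED_PROPERTIES = %w[
  color background-color font-size font-style font-weight
  text-align text-decoration margin padding border width height
].freeze

# The only function call accepted is a purely numeric rgb()/rgba() colour.
RGB_CALL = /\brgba?\(\s*[0-9.,%\s]+\)/i

# What remains of a value after removing rgb() calls may contain only plain
# keywords, numbers, units and hex colours. Parentheses, backslashes, quotes,
# colons, slashes and at-signs never match, so expression(), url(), CSS
# escapes (expr\65ssion) and comment tricks are all rejected.
SAFE_VALUE = /\A[a-z0-9#%.,\s\-]*\z/i

# Returns a rebuilt style string containing only declarations that pass
# both checks. Unknown or malformed declarations are dropped, not repaired.
def sanitize_style(style)
  return '' if style.nil?

  kept = style.split(';').map do |decl|
    prop, value = decl.split(':', 2).map { |s| s.to_s.strip }
    next if prop.nil? || value.nil? || value.empty?

    prop = prop.downcase
    next unless ALLOWED_PROPERTIES.include?(prop)

    rest = value.gsub(RGB_CALL, ' ')
    next unless SAFE_VALUE.match?(rest)

    "#{prop}: #{value}"
  end
  kept.compact.join('; ')
end
```

This covers only `style` attribute values; `<style>` elements and linked stylesheets need selectors and at-rules handled as well, which is where a real CSS parser becomes necessary.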