I've whipped up a pcom-to-be that will render user-submitted HTML safe
from all of the cross-site-scripting attacks that I'm aware of.
If you think you know any clever tricks for getting JavaScript or nasty
tags (like <embed>) around text filters, could you please have a go at
breaking it?
http://chxo.com/scripts/safe_html-test.php
Thanks!
chris.