[OSM-dev] XSS Vulnerabilities

Gervase Markham gerv-gmane at gerv.net
Thu Jan 17 14:35:40 GMT 2008


Tom Hughes wrote:
> It breaks all the harmless HTML tags people have used in their
> diary entries though, most notably any links people have put in.
> 
> What we should have done is use one of the plugins that offers a
> wiki-ish type benign markup but now we have legacy entries using
> raw HTML tags.

You can get libraries which permit a defined subset of HTML tags. So you 
may be able to use one of those to restore the original diary entries 
(mostly), and allow people to keep using HTML as their markup language.

Gerv
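The kind of library Gerv has in mind is an allowlist sanitizer: it tokenizes the stored HTML, re-emits only tags and attributes from a fixed list, and escapes everything else. The following is an added example in Ruby (OSM's server side is Rails), not code from the OSM project or from any mailing-list participant; the tag and attribute lists are hypothetical choices for diary entries, and the standard library's CGI helpers are used so it runs without gems.

```ruby
require 'cgi'

# Added example, not OSM's code: an allowlist HTML sanitizer. Tags not in
# ALLOWED_TAGS are stripped (their text content is kept); attributes not
# listed for a tag are dropped; href must use a safe scheme. The tag and
# attribute names here are hypothetical choices for a diary feature.
ALLOWED_TAGS = {
  'a' => %w[href title],
  'b' => [], 'i' => [], 'em' => [], 'strong' => [],
  'p' => [], 'br' => [], 'ul' => [], 'ol' => [], 'li' => []
}.freeze

SAFE_URL_SCHEMES = %w[http https mailto].freeze

# A token is a comment, a complete <tag ...>, a run of text, or a lone '<'.
TOKEN_RE = %r{<!--.*?-->|</?[a-zA-Z][^>]*>|[^<]+|<}m
TAG_RE   = %r{\A<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>\z}m
ATTR_RE  = /([a-zA-Z][a-zA-Z0-9:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

def safe_url?(url)
  u = url.strip
  return false if u.start_with?('//')   # protocol-relative: reject
  return true unless u.include?(':')    # relative path or #fragment
  scheme = u[/\A([a-z][a-z0-9+.-]*):/i, 1]
  # A ':' without a clean scheme in front of it (e.g. "java\tscript:",
  # which browsers normalise to javascript:) is rejected outright.
  !scheme.nil? && SAFE_URL_SCHEMES.include?(scheme.downcase)
end

def sanitize_tag(tok)
  m = TAG_RE.match(tok)
  return '' unless m
  closing = (m[1] == '/')
  name    = m[2].downcase
  allowed_attrs = ALLOWED_TAGS[name]
  return '' if allowed_attrs.nil?       # e.g. <script>, <img>, <iframe>
  return "</#{name}>" if closing
  attrs = m[3].scan(ATTR_RE).map do |aname, dq, sq, bare|
    aname = aname.downcase
    value = CGI.unescapeHTML(dq || sq || bare)  # decode &#106;avascript: first
    next unless allowed_attrs.include?(aname)   # drops onclick, style, ...
    next if aname == 'href' && !safe_url?(value)
    %( #{aname}="#{CGI.escapeHTML(value)}")     # re-serialised, quotes escaped
  end.compact
  "<#{name}#{attrs.join}>"
end

# Because every tag in the output is re-serialised from parsed pieces and
# every text token has its '<' escaped, the output contains only tags we
# chose to emit, whatever the input's quoting tricks were.
def sanitize_html(html)
  html.scan(TOKEN_RE).map do |tok|
    if tok.start_with?('<!--') then ''           # drop comments
    elsif tok == '<'                then '&lt;'  # stray '<' that opened no tag
    elsif tok.start_with?('<')      then sanitize_tag(tok)
    else tok.gsub('>', '&gt;')                   # text: contains no '<'
    end
  end.join
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample diary entry mixing a harmless link with injected markup.
  entry = 'Check <a href="http://www.openstreetmap.org/" onclick="steal()">OSM</a> ' \
          '& <script>alert(1)</script><img src=x onerror=alert(1)>'
  puts sanitize_html(entry)
end
```

Two caveats a practitioner would want: this does not balance tags (an unclosed `<b>` is passed through unclosed, so render entries inside a block-level container), and ampersands in text are left as-is so that legacy `&nbsp;`-style entities survive, which is safe in a text node but does not guarantee well-formed output. A production deployment would use a maintained sanitizer library rather than this sketch, but the allowlist-and-reserialise structure is the same.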