You need to be careful making things like that noquote
since if someone were to put something like the following: in
<img src="http://yoursite.com/admin/grant-admin?user_id=eviluser">
in an aggregated feed
you read on yoursite.com. When you went to
read it, it would get the url which would grant sitewide
admin to thier user_id on your site.
In general, anything that comes from the outside needs to be
checked for XSS and allowed tags before it is displayed.
