Forum OpenACS Q&A: Re: Thanks for ETP 2
I think it's important to fix, but it's really pretty unrelated to the issue of what HTML is safe to allow through versus not.
I think good security is not something we should sacrifice for ease of use (at least not by default); look at the reputation phpNuke et al. have for security laxness. Much of it springs from a history of these sorts of exploits. Ultimately it's something that, if we want OpenACS to be acceptable for anything other than personal sites, we need to take care not to permit.