Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

I think from a security standpoint it's probably a mistake to think limiting user input tags is a fix to this problem. The reason to limit tags is to keep people from putting javascript and blink tags into your site, plus sites like photo.net would not be that interesting without img tags.

I think the real solution is to make signed variables the default and make the signatures 1 time use only, but that seems like a lot of work. I suspect it's possible to do this at the package level and make it the default for new packages. I also suspect adform could also be changed in transparent way. The whole thing is probably more work than noquote.