> Isn't Textile quite suited to this sort of task? Wouldn't it be safer?

It's suited sometimes for some of the tasks. But it's not a general-purpose replacement for HTML.

> I don't personally use Basecamp, but if I remember correctly, many
> people view the pages, so what prevents a bad user from doing:
>
> <a href="some link" onclick="do potentially bad thing here">Click me !</a>

Basecamp is account restricted. You have to be invited and accept the invitation to become part of a project and see the content. In this context, the ability of being able to use HTML outweighs the risk/impact of malicious users (you usually just participate in projects with people you know).

On a public forum, it's different. I wouldn't want to allow HTML there.

--
David Heinemeier Hansson
http://www.loudthinking.com -- Broadcasting Brain
http://www.basecamphq.com -- Online project management
http://www.backpackit.com -- Personal information manager
http://www.rubyonrails.com -- Web-application framework

_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core