JavaScript needs to be disabled in parameters.
http://www.wikipedia.org/wiki/JavaScript_table_security_hole
Try to click on the link to Main Page. The JS there is harmless but
there are so many possible things one can do with it....
For that matter, parameters need to be checked for sanity. If you look
at the wikisource and the HTML source of that page, the table has the
meaningless attributes "foo 15". Not foo=15, foo and 15 separately. A
check needs to be made for approved attributes, just like the check for
approved HTML tags.
=====
-Geoffrey Thomas
geoffreyerffoeg(a)yahoo.com
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com