Well, HTML Purifier is reasonably robust: no vulnerabilities since Jun 2008, and that one was quickly fixed. As long as you keep up with it, I'd be willing to use it in my website. You'd also have to consider how it will interact with HTML quoting. I've got some articles on my site that are HTML/CS...

Maybe you'd like to integrate this into the serendipity_event_unstrip_tags event plugin; this already works on at least showing escaped HTML in the comment, so you might be able to use that as a base to offer people restrictive HTML parsing. Well, I based it on unstrip_tags, that's how I figured ou...

The problem is that <a> is really the most dangerous HTML tag. I know.. I was just thinking there has to be some secure way since a lot of major websites allow it in their comments. Hey, look at that! Between dakira's post and mine, there appears to be spam. :( Anyway, I've got what I consider to b...

Great! Here are the other things I'm working on, in case I'm duplicating effort: an HTML Purifier markup plugin, so that I can allow safe HTML in comments rather than requiring some other markup language like BBcode or what-have-you. related to that, I've noticed that a lot of markup functionality i...

Will do... I might have something else cooked up by then too.

Attached.

OK... for now I'm skipping integration with moods and freetag; and I'm not sure what to do about OpenID comments (on the bright side, they're pretty uncommon) without handling it on a case-by-case basis. I've added one configuration option, the LJ username, which is only used if there are comments i...

That sounds good! Indeed returning the ID inside the functionw ould be helpful, so I've patched that as well for the next version. Thanks! Aside from thinking it might be a good general improvement to the code, I mention it so that after the next release I don't have spurious errors when I validate...

I recently created a new s9y blog, with data imported from a LiveJournal account. I ended up writing a custom importer that I hope to share soon (there are still some loose ends to clean up), but the gist is that instead of using the XML files directly from LiveJournal.com I used the XML files gener...