Security and privacy

I posted this in general problems, but didn't get any response, maybe it fits better here?

The head of enrichment activities (extra-curricular clubs) has asked that I set up courses and give students control over them. This worries me- it's only a year since I was a student and had this existed last year, probably at least half of the computing class would have had a go at attacking it just to see if we could.

The first attack that came to mind was just a JS redirect to a phishing page with a timeout error; chances are this would get at least one teachers password (the same as the novell network- not good). I'm sure between a thousand odd students at least a few will be knowledgeable/imaginative enough to figure out plenty of attacks given free reign over courses.

Would there be a way to let them only add activities, clean all their html as if it were forum posts and maybe do something about stopping them just linking directly to such a phishing page as a resource?

Anyone got previous experience of this? Anything else I should be looking out for?

Thanks a lot,
Mike