I came across the Caja project today and thought it would have excellent applications in Moodle.
Basically it takes some Javascript/HTML and translates it into javascript that is safe to include on your site without the fear of compromising your site.
http://code.google.com/p/google-caja/
I've had a quick play with this demo - it seems to do a pretty good job.
http://cajadores.com/demos/testbed/
-Matt.
Security and privacy
Caja - securing javascript/HTML content
This discussion has been locked so you can no longer reply to it.