Martin Dougiamas

The "designed" way is to use Moodle plain text format (you'll need to switch the editor off to see that menu though) because that format is not subject to filtering and re-formatting.:

  :-)  :-D  (y) (n) (h)

Yes, I agree it would be good to have a policy on this.

What sort of policy would you suggest we adopt, Marc?

Do you know any good examples from other open community sites that we could follow?

Marcus, how has this worked in practice? Is the admin able to identify real users vs spammers?

Just as a general tip, if you want to insert some arbitrary JS code in the body tag on that file (like onBlur or onLoad) then you can add it to the 10th parameter to the print_header() function called $bodytags. In your case it's probably in mod/quiz/attempt.php.

Welcome to the internet, Mauno!

http://secunia.com/advisories/

Perfect security is never possible, we can only strive for it.

Regarding contributed Moodle code, one of the plans rolling along is to replace the Modules and Plugins database with something with more management capability, plus formal review/certification processes by dedicated staff.