id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
352	Enforce output sanitizing	Christer Byström		"When an image is drag-and-dropped into the edit field the onmouseover and
other event attributes remain intact. There should of course be server-side
validation, but currently the XHTML snippets produced are unsafe in
themselves and make javascript code injection way too easy. "	New Feature	confirmed	Normal		General