The reference at
http://opensocial-resources.googlecode.com/svn/spec/0.8/gadgets/util.js does
not give any details on how the HTML is to be sanitized. Whether it should
use a blacklist or a whitelist depends on how much flexibility we want to
give to the gadget.
I was looking at implementing this but I am not sure if I am considering
everything that needs to be taken care of.
1. Strip all script tags of the form <script
2. Strip tags of the form <a onclick="javascript:alert('foo')">bar</a>
3. Applets ?
4. <div style="width: expression(alert(1))">hello</div>
- Reema
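A whitelist-based sanitizer that handles the four cases listed in the post, added here as an illustration (this is not Shindig's or the OpenSocial spec's own code). It drives Python's html.parser tokenizer rather than regexes, because tag-matching regexes miss the parser quirks that attackers rely on (entity-encoded or tab-split `javascript:` schemes, attributes spread over several lines, self-closing forms). Tags that are not on the whitelist are dropped but their text is kept; script, style, applet, object, embed and iframe lose their entire subtree; event handler attributes never pass because only named attributes are allowed per tag; href/src are scheme-checked after decoding; style is rejected when it contains expression(), url(), CSS escapes or comments. The tag and attribute lists, the scheme list and the CSS blacklist are assumptions chosen for the example, not values from the spec.

```python
from html import escape
from html.parser import HTMLParser
import re

# Assumed whitelists for this example; a real gadget container would tune these.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li",
                "div", "span", "img"}
ALLOWED_ATTRS = {
    "a": {"href", "title"},
    "img": {"src", "alt"},
    "div": {"style"}, "span": {"style"}, "p": {"style"},
}
VOID_TAGS = {"br", "img"}
# Whole subtree is discarded, not just the tag: script and style bodies are
# code, applet/object/embed/iframe carry plugin or frame content.
DROP_CONTENT_TAGS = {"script", "style", "applet", "object", "embed", "iframe"}
SAFE_SCHEMES = {"http", "https", "mailto"}
# Blacklist for style values: expression(), url(), behavior:, -moz-binding,
# @import, plus CSS backslash escapes and comments that could hide them.
DANGEROUS_CSS = re.compile(
    r"expression\s*\(|url\s*\(|javascript:|behavior\s*:|-moz-binding|@import"
    r"|\\|/\*", re.I)


def _safe_url(value):
    """True if the (already entity-decoded) URL is relative or uses a safe scheme."""
    # Browsers ignore ASCII control/whitespace characters inside the scheme,
    # so "java\tscript:" must be treated as "javascript:".
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value).lower()
    m = re.match(r"^([a-z][a-z0-9+.-]*):", cleaned)
    if m is None:
        return True  # no scheme: relative URL
    return m.group(1) in SAFE_SCHEMES


class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        # convert_charrefs decodes &#106;avascript: etc. before we inspect values
        super().__init__(convert_charrefs=True)
        self._out = []
        self._open = []        # emitted open tags, so output is re-balanced
        self._dropping = None  # tag whose subtree is currently being discarded
        self._nest = 0         # nesting of same-named tags inside that subtree

    def _emit_start(self, tag, attrs):
        parts = ["<" + tag]
        allowed = ALLOWED_ATTRS.get(tag, set())
        for name, value in attrs:
            value = value or ""
            if name not in allowed:
                continue  # drops onclick/onerror/... and anything unlisted
            if name in ("href", "src") and not _safe_url(value):
                continue
            if name == "style" and DANGEROUS_CSS.search(value):
                continue
            parts.append(' %s="%s"' % (name, escape(value, quote=True)))
        parts.append(">")
        self._out.append("".join(parts))

    def handle_starttag(self, tag, attrs):
        if self._dropping:
            if tag == self._dropping:
                self._nest += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self._dropping, self._nest = tag, 0
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag removed, its text content is kept
        self._emit_start(tag, attrs)
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._dropping:
            if tag == self._dropping:
                if self._nest == 0:
                    self._dropping = None
                else:
                    self._nest -= 1
            return
        if tag in self._open:
            while True:  # close anything left open inside, then the tag itself
                top = self._open.pop()
                self._out.append("</" + top + ">")
                if top == tag:
                    break

    def handle_data(self, data):
        if not self._dropping:
            self._out.append(escape(data, quote=False))

    # Comments, doctype and processing instructions fall through to the
    # base-class no-op handlers, so they are dropped too.

    def result(self):
        self.close()
        while self._open:  # balance tags the gadget left unclosed
            self._out.append("</" + self._open.pop() + ">")
        return "".join(self._out)


def sanitize(html):
    p = WhitelistSanitizer()
    p.feed(html)
    return p.result()


if __name__ == "__main__":
    for sample in ('<a onclick="javascript:alert(\'foo\')" href="http://x/">bar</a>',
                   '<div style="width: expression(alert(1))">hello</div>',
                   '<a href="java&#09;script:alert(1)">x</a>'):
        print(sanitize(sample))
```

The style check is the weak spot: it is a blacklist, which is exactly the flexibility-versus-safety trade-off the post raises. A stricter version would split the declaration into property/value pairs and keep only a whitelist of properties with validated values, which is more work but removes the guessing.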