White-List acceptable tags instead of back-list
|Reported by:||guest||Owned by:||gogo|
Is there a white-list of acceptable HTML tags? – If not this means that the Xinha essentially accepts all tags but rejects those that are inappropriate for example the “script” tag. This leads to no protection against new tags that are released and exploited.