Safely embedding HTML in Wikka pages



Wikka uses the SafeHTML Parser by RomanIvanov.

This parser strips all potentially dangerous content from HTML:


Check the SafeHTML home page for more info.
Comments
Comment by JavaWoman
2005-01-09 15:40:30
Roman,
It seems SafeHTML is also stripping the callto: protocol - as I found out when I tried to add a Skype me link on my user page... (a minute ago :)) I don't see how that protocol constitutes a security risk though. Comments?
Comment by JavaWoman
2005-01-09 15:46:27
BTW, I just added the RSS feed for the SafeHTML site to my feedreader but found the feed doesn't have a title...you might want to add one ;-)
Comment by RomanIvanov
2005-01-22 13:43:51
About callto: -- SafeHTML uses a **white list** of protocols.

So, callto or e2k must be added to whitelist.

I'll think about it -- for distribution.
Comment by JasRandal
2005-04-12 17:38:46
Does SafeHTML also strip the blockquote tag?
Comment by JavaWoman
2005-04-13 23:25:16
JasRandal,
blockquote is *not* in the list of "dangerous tags" to be filtered out. Can't imagine how it would be dangerous either. ;-)

Have a look at the file safehtml.php in 3rdparty/code/safehtml and you can easily see what's filtered, blacklisted or whitelisted.
Comment by JasRandal
2005-04-14 12:04:30
Thanks, JW. I looked there earlier and didn't see it. I must be doing something wrong then ... but it's hard to conceive of that possibility. ;-)
Comment by KatoJenkina
2007-01-31 12:57:17
I would like to add Javascript to one particular Wikka page. Is there a way to disable SafeHTML for this purpose?
Comment by WazoO
2007-01-31 22:34:56
Suggestion .... 'build' the page/content in another file, then call/include that page on a wikka-wiki page. Think of it as an "action" for the concept.
Comment by SmackY
2009-08-28 09:53:43
ATM 3rdparty/core/safehtml/classes/safehtml.php kills off @name except on certain form control tags. <map> is currently not one of these tags but needs to be to enable client-side image maps (because <object> is prohibited we must use <img> which can only work with <map> with @usemap; for @usemap to work, <map> must have @name but this is currently stripped from <map>).

Fix is simple, just add 'map' to $formControls:
var $formControls = array('input', 'select', 'textarea', 'button', 'map'); # form controls where a name attribute is valid - JavaWoman
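
The two allow-list rules raised in the comments above (the protocol white list that drops callto:, and the per-tag rule that drops name from <map>), shown as an added PHP example that is not SafeHTML's or Wikka's own code. The function names, the scheme list and the sample URLs are constructed for illustration, and each URL is assumed to be an attribute value whose HTML entities have already been decoded.

```php
<?php
// Added illustration: hypothetical helpers, not SafeHTML's own code.

// Return the lowercased scheme of a URL, or null when it is relative.
// Assumes $url is the attribute value after HTML entities were decoded.
function url_scheme(string $url): ?string {
    // Browsers ignore tabs and newlines inside a URL, so remove
    // whitespace and control bytes before looking for the scheme.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    // A scheme exists only if ':' appears before any '/', '?' or '#'.
    if (preg_match('/^([^:\/?#]*):/', $url, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

// Allow-list rule: relative URLs pass, listed schemes pass, all else fails.
function url_allowed(string $url, array $allowedSchemes): bool {
    $scheme = url_scheme($url);
    return $scheme === null || in_array($scheme, $allowedSchemes, true);
}

// A name attribute survives only on tags listed as allowed to carry it.
function name_allowed(string $tag, array $nameTags): bool {
    return in_array(strtolower($tag), $nameTags, true);
}

// Constructed policy and sample inputs.
$schemes  = ['http', 'https', 'ftp', 'mailto'];
$nameTags = ['input', 'select', 'textarea', 'button'];
$urls     = ['https://example.org/', 'HomePage?show=1', 'callto:example_user',
             "java\tscript:void(0)"];

// Run every URL against the base list, then against the list plus callto.
foreach ([$schemes, array_merge($schemes, ['callto'])] as $list) {
    echo 'schemes: ', implode(',', $list), "\n";
    foreach ($urls as $u) {
        printf("  %-28s %s\n", json_encode($u, JSON_UNESCAPED_SLASHES),
               url_allowed($u, $list) ? 'kept' : 'stripped');
    }
}
// Check name on <map> before and after adding 'map' to the tag list.
foreach ([$nameTags, array_merge($nameTags, ['map'])] as $list) {
    printf("name on <map> with [%s]: %s\n", implode(',', $list),
           name_allowed('map', $list) ? 'kept' : 'stripped');
}
```

Adding a scheme or tag to a list widens only that one entry; anything not named stays rejected, which is why callto: needed an explicit addition.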