Is there a module (or, better yet, sample code) that scrubs user-entered text to remove cross-site scripting attacks, while also allowing a small subset of HTML through?
Contemplated application: a message board that allows people to use <b>, <a href="">, <i> and so on, but does not allow any javascript, vbscript, or other nasties.