**Problem:** There are two different tasks: putting plain text into a wiki so that it is displayed unmodified, and putting HTML into a wiki so that it is passed through unmodified, i.e. rendered by the browser.
**Proposed solution:**
1. The double-quote syntax solves the first problem: ##htmlspecialchars()## is applied to its contents. !!Done!!.
1. The second problem is solved by the new syntax. !!Done!!.
1. The ##""<# #>""## syntax is proposed.
1. For the second task, dangerous HTML code is either removed or left in place, depending on an option in the configuration file. !!Done!!.
1. See ((/Dev/Projects/SafeHTML SafeHTML)), an anti-XSS HTML parser.
----
Dangerous code is:
* attributes on*, data*, action="javascript:", href="javascript:", dynsrc.
* tags <object>, <layer>, <ilayer>, <frame>, <iframe>, <script>, <embed>, <applet>, <bgsound>, <style>, <link>, <body>, <meta>, <frameset>.
* dangerous CSS, which is stripped:
  * position: (but not background-position:)
  * @import
  * @font-face:
  * expression
  * behavior
* For the subject, it is suggested to run ##strip_tags()## with a small set of allowed tags, such as i, a, b, s, strong, strike, u. The style attribute should also be removed.
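
The deny-list above (tags, attributes, CSS) can be applied to a parsed DOM rather than to raw text. The following is an added example, not code from WackoWiki or SafeHTML; the names ##sanitize_html()##, ##is_bad_attr()##, ##BAD_TAGS## and ##BAD_CSS## are hypothetical, PHP 8 with the DOM extension is assumed, and a ##style## attribute that contains a listed construct is dropped whole.

```php
<?php
// Added example: deny-list filter built from the list on this page (hypothetical names).
const BAD_TAGS = ['object', 'layer', 'ilayer', 'frame', 'iframe', 'script', 'embed',
    'applet', 'bgsound', 'style', 'link', 'body', 'meta', 'frameset'];
// "position:" but not "background-position:", plus the other listed CSS constructs.
const BAD_CSS = '/(?<![\w-])position\s*:|@import|@font-face|expression|behavior/i';

function is_bad_attr(string $name, string $value): bool
{
    if (preg_match('/^(on|data)/i', $name) || strcasecmp($name, 'dynsrc') === 0) {
        return true;                                  // on*, data*, dynsrc
    }
    if (strcasecmp($name, 'style') === 0) {
        // Assumption: remove the whole style attribute, not single declarations.
        return (bool) preg_match(BAD_CSS, $value);
    }
    // Whitespace and control characters are removed before the scheme comparison.
    $scheme = preg_replace('/[\x00-\x20]+/', '', $value);
    return in_array(strtolower($name), ['href', 'action'], true) && stripos($scheme, 'javascript:') === 0;
}

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                 // tag soup is expected
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html); // parser adds <html><body>
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';                                    // nothing displayable was parsed
    }
    foreach (iterator_to_array((new DOMXPath($doc))->query('.//*', $body)) as $el) {
        if (in_array(strtolower($el->nodeName), BAD_TAGS, true)) {
            $el->parentNode?->removeChild($el);       // drop the element and its content
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (is_bad_attr($attr->nodeName, $attr->value)) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    // Serialize only the content of the parser's own <body>.
    return implode('', array_map(fn($n) => $doc->saveHTML($n), iterator_to_array($body->childNodes)));
}

// Constructed sample input.
echo sanitize_html('<p style="position: absolute" onclick="x()">hi <a href="javascript:void(0)">link</a></p>'
    . '<iframe src="//example.invalid"></iframe><b style="background-position: 0 0">ok</b>'), "\n";
```

Because only the children of the parser-generated ##<body>## are serialized, anything the parser relocates to ##<head>## or merges onto the outer elements is not emitted.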