September 02, 2006 @ 08:46 PM
White Listing Plugin for Rails
I threw down the gauntlet, challenging anyone to post XSS hacks on Beast. The community accepted and brought in some challengers that defeated the built-in Rails sanitize helper. Today, I answer sanitize's pleading call with the white list plugin.
“This White Listing helper will HTML encode all tags and strip all attributes that aren’t specifically allowed. It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite.”
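To make the description above concrete, here is an added example of the white-listing approach it describes: a small sanitizer that HTML-encodes any tag not on an allow list, drops attributes not on the per-tag allow list, and checks href/src values only after decoding decimal, hex and named entities and stripping control characters, so that encoded or whitespace-padded javascript: schemes are caught. This is illustration code written for this post, not the plugin's own code or its test suite; the tag, attribute and protocol lists are constructed for the example and would be tuned per application.

```ruby
require 'cgi'

# Constructed allow lists for the example (not the plugin's defaults).
ALLOWED_TAGS = %w[a b i em strong p br code pre ul ol li blockquote img].freeze
ALLOWED_ATTRS = {
  'a'   => %w[href title],
  'img' => %w[src alt title width height]
}.freeze
ALLOWED_PROTOCOLS = %w[http https mailto ftp].freeze

# The few named entities a browser will turn into characters that matter
# for a scheme check (whitespace or markup delimiters).
NAMED_ENTITIES = {
  'amp' => '&', 'lt' => '<', 'gt' => '>', 'quot' => '"', 'apos' => "'",
  'tab' => "\t", 'newline' => "\n"
}.freeze

# Decode &#106; / &#x6A; / &Tab; style entities (semicolon optional, as
# browsers tolerate) so "&#106;avascript:" reveals its real scheme.
def decode_entities(str)
  str.gsub(/&#x([0-9a-f]+);?|&#(\d+);?|&([a-z]+);?/i) do
    begin
      if $1 then $1.hex.chr(Encoding::UTF_8)
      elsif $2 then $2.to_i.chr(Encoding::UTF_8)
      else NAMED_ENTITIES[$3.downcase] || $&
      end
    rescue RangeError
      '' # out-of-range code point: nothing a browser could render as a scheme
    end
  end
end

# A URL is safe when it is relative or its scheme is on the allow list.
# Control characters and whitespace are removed first, because browsers
# ignore them inside a scheme ("java\tscript:" still runs).
def safe_url?(raw)
  url = decode_entities(raw).gsub(/[[:cntrl:][:space:]]/, '')
  # The scheme, if any, is the text before the first ':' that precedes any '/', '?' or '#'.
  head = url.split(%r{[/?#]}, 2).first.to_s
  return true unless head.include?(':')
  ALLOWED_PROTOCOLS.include?(head.split(':', 2).first.downcase)
end

# Rebuild one tag from scratch, keeping only allowed attributes with
# re-quoted, re-escaped values; anything unrecognised is encoded as text.
def sanitize_tag(tag)
  m = tag.match(%r{\A<(/?)([a-z][a-z0-9]*)\b(.*?)(/?)>\z}im)
  return CGI.escapeHTML(tag) unless m
  closing, name, attr_str, self_close = m[1], m[2].downcase, m[3], m[4]
  return CGI.escapeHTML(tag) unless ALLOWED_TAGS.include?(name)
  return "</#{name}>" if closing == '/'

  kept = []
  attr_str.scan(/([a-z][a-z0-9\-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i) do |aname, dq, sq, bare|
    aname = aname.downcase
    value = dq || sq || bare
    next unless (ALLOWED_ATTRS[name] || []).include?(aname)
    next if %w[href src].include?(aname) && !safe_url?(value)
    kept << %( #{aname}="#{CGI.escapeHTML(value)}")
  end
  "<#{name}#{kept.join}#{self_close == '/' ? ' /' : ''}>"
end

# Entry point: every '<'-initiated run is treated as a tag candidate and
# passed through sanitize_tag; text between tags is left as the author wrote it.
def white_list(html)
  html.gsub(/<[^>]*>?/) { |tag| sanitize_tag(tag) }
end

if __FILE__ == $0
  puts white_list('<a href="jav&#x09;ascript:alert(1)" onclick="x()">hi</a><script>alert(1)</script>')
end
```

Because every kept tag is reassembled from the allow lists rather than copied through, an attacker gets no say in the attribute names, quoting or scheme that reach the browser; the only creative input left is the attribute value, which is re-escaped on output.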
