Validate HTML before saving

[lockworld]

Consider validating HTML prior to saving and stripping out scripts to improve security.

But...is this really necessary? If these pages are all being published to the author's website, isn't security their problem?

Maybe we can have an "advanced" configuration option that disables script removal if the user has selected this. Or maybe we skip this feature and let the user do what they want. I'm a little torn on this one.

[lockworld]

My latest thought on this is to make it user-configurable. By default, html will be sanitized to remove scripts. User can toggle a setting to allow scripts to be included in HTML. We could also expand this to other settings so users can toggle whether they want to allow links to external images and videos or only internal ones, etc.