Cross site scripting
Once a user submits a comment using iRite, perhaps one that contains links, formatting options etc...how do you handle this when writing to the file and then on redisplaying to the screen.
In other words, do you do any filtering or sanitizing? Does this open your users up to cross site scripting, injection, or other security issues?
I know just enough to ask the questions...probably not well at that, but I am very concerned.
Your guidance is appreciated.