July 4, 2010

NX Bit for User Entered Text

As pointed out in this link, YouTube got hit with a bit of an elaborate scripting attack via its comments. And while programmers can be very creative in parsing comments and other user-entered text fields, I feel that it is a waste of programmer time.

HTML5 is still a work in progress, right?

I know this might not be the best place for it, but I have a suggestion I think just might work to fix this problem. A simple tag such as <NX></NX> would not do, because it could just be closed by the very text it is trying to prevent scripting in.

But a bit of a modification on that would fix that problem. The only issue is that it will require a little server-side work.

Passwords. Generate a new password for the script when a comment is created, and every time the comment is edited. Thus, <NX=15></NX=15> or something much like that, preferably with a longer password/phrase.

Simple, right? I think such a tag would reduce much of the work that web developers have to factor in when taking user-created text.
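A sketch of the scheme proposed above, as an added example that is not code from the original post. `<NX=...>` is the post's hypothetical tag and not part of HTML; `wrap_untrusted`, `inert_span` and the sample comment are invented here, and `inert_span` only models how a browser honouring the tag would locate the matching close.

```python
import secrets

def wrap_untrusted(text, nonce_bytes=16):
    """Wrap user text in the hypothetical <NX=nonce> container from the post."""
    while True:
        # Fresh random "password" on every create and every edit.
        nonce = secrets.token_hex(nonce_bytes)
        # A nonce that already occurs in the text could not delimit it safely.
        if nonce not in text:
            return nonce, f"<NX={nonce}>{text}</NX={nonce}>"

def inert_span(markup):
    """Toy model of a browser honouring the tag: return (inert_text, remainder).

    Everything up to the closing tag that repeats the opening tag's name
    and nonce is treated as plain text, never as markup.
    """
    open_at = markup.index("<NX")
    open_end = markup.index(">", open_at)
    tag = markup[open_at + 1:open_end]       # "NX" or "NX=<nonce>"
    close = f"</{tag}>"
    close_at = markup.find(close, open_end + 1)
    if close_at == -1:
        # Unclosed container: fail closed, keep the rest of the page inert.
        return markup[open_end + 1:], ""
    return markup[open_end + 1:close_at], markup[close_at + len(close):]

# Constructed sample comment that tries to close the container early.
COMMENT = "nice video</NX><script>alert(1)</script>"

def demo():
    # Fixed tag: the comment's own "</NX>" ends the inert region early.
    _, fixed_rest = inert_span(f"<NX>{COMMENT}</NX>")
    # Nonce tag: the comment cannot name the close, so all of it stays inert.
    _, wrapped = wrap_untrusted(COMMENT)
    nonce_inert, nonce_rest = inert_span(wrapped)
    return fixed_rest, nonce_inert, nonce_rest

if __name__ == "__main__":
    fixed_rest, nonce_inert, nonce_rest = demo()
    print("fixed tag leaves active markup:", fixed_rest)
    print("nonce tag keeps whole comment inert:", nonce_inert == COMMENT)
```

The nonce only helps if it is unpredictable and never shown to the commenter before the page is rendered, which is why it is regenerated on every edit.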