> I'm assuming you mean that editors can add the HTML after story
> submission, and not just anybody.

Correct.

> It's possible that editors can bypass the normal filters when editing
> a story that already exists. If so, that sounds like a bug, because
> fields should be filtered appropriately every time they're changed,
> even if an editor is making the change.

Yes, it is definitely possible. For example, see:
http://gristmill.grist.org/story/2006/8/18/12035/1766

> I don't think there would be any security issues with allowing html
> in the title, at least none beyond allowing html anywhere. Titles
> tend to be short and formatted in a specific way on the page,
> however, and are also used in the browser's title bar (which doesn't
> allow html formatting).

So, why is the HTML being stripped out then? I assume there is a reason. If not, my editors and contributors would love it if I remove this restriction.

One side effect, of course, is that the HTML might be preserved in other places where the title is used. Case in point, same example: http://gristmill.grist.org/story/2006/8/18/12035/1766. Note the browser's page title. Thus, you might need to recode blocks, boxes, ops and perhaps the codebase as necessary.

Chris