JavaScript needs to be disabled in parameters.
http://www.wikipedia.org/wiki/JavaScript_table_security_hole
Try to click on the link to Main Page. The JS there is harmless but there are so many possible things one can do with it....
For that matter, parameters need to be checked for sanity. If you look at the wikisource and the HTML source of that page, the table has the meaningless attributes "foo 15". Not foo=15, foo and 15 separately. A check needs to be made for approved attributes, just like the check for approved HTML tags.
===== -Geoffrey Thomas geoffreyerffoeg@yahoo.com
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com