Hi!
2. HTML validation - our current security model relies on the HTML
being generated server-side by a wikitext parser. If we cut wikitext
out of the loop, we'll need some other way of ensuring that people
can't inject arbitrary JavaScript/Flash embedding/Java
applet/ActionScript/iframe or any other security horrors.
There are tools like HTML Purifier which are pretty good at it, though
performance of those is not stellar, especially on big texts. The
Purifier pretty much disassembles it into DOM, validates that, throws
out what it doesn't like and reassembles it back. Which is not very fast
in PHP, but is pretty strict. Still, there's a chance people could sneak
something past it.
--
Stas Malyshev
smalyshev(a)wikimedia.org
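
The parse, validate, discard and reassemble approach described in the message above, as an added sketch that is not part of the original e-mail and is not HTML Purifier's code. It uses Python's standard library so it runs stand-alone; the allowlist, the dropped-subtree list and the sample input are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch: tag -> attributes that may be kept.
ALLOWED = {"p": set(), "b": set(), "i": set(), "ul": set(), "li": set(), "a": {"href"}}
DROP_SUBTREE = {"script", "style", "iframe", "object", "applet"}  # discard contents too
SCHEME = re.compile(r"([a-z][a-z0-9+.-]*):")

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities are decoded before checks
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_SUBTREE:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = ""
            for name, value in attrs:
                # Validate the decoded value with whitespace/control chars removed.
                value = re.sub(r"[\x00-\x20]", "", value or "")
                m = SCHEME.match(value.lower())
                if name in ALLOWED[tag] and (not m or m.group(1) in ("http", "https")):
                    kept += f' {name}="{escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_SUBTREE:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            while self.open_tags:  # close anything left open inside it
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_text):
    """Parse, keep only allowlisted markup, and re-serialize."""
    s = Sanitizer()
    s.feed(html_text)
    s.close()
    s.out += [f"</{t}>" for t in reversed(s.open_tags)]
    return "".join(s.out)

# Constructed sample input
SAMPLE = '<p onclick="x()">Hi <b>there</b><script>alert(1)</script> <a href="java&#115;cript:alert(1)">link</a></p>'
```

Because the output is rebuilt only from allowlisted tags and re-escaped text, anything the policy does not name is absent from the result rather than filtered out of the original string.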