We've had another one of the "[Some grammatical corrections]" spam
attacks, this time on our homepage. It's only a single page again this
time, but annoying. Seems others have suffered the same thing.
Is one solution to this to strip inline styles from user input? (or at
least stuff that manipulates height or visibility). crschmidt's SQL
hack is nice, but still requires us to spot the attack and its
identifying comment phrase. Banning these styles would make all links
visible, which maybe isn't what we want, but may at least make it
easier for us to spot and remove them.
What do people think? Is this a useful strategy? How much work on the
codebase would be involved?
(Open Guide to Milton Keynes).