Well, as it turns out Rasmus Lerdorfs filter made apache segfault, so I've disabled it again. XSS indeed!

On a lighter note, this work of art was created last night during the OSDC dinner: http://www.youtube.com/watch?v=NfVL_4uRLSo

Well, as it turns out there is a ready-made fix to some of the horrid inser-input-filtering problems I - and probably any PHP coder - encounter.

This morning was the first time I saw Rasmus Lerdorf speak and, although his views on web security want me to give up coding in general and become a potato farmer more specifically, he did point out some tools to make it a lot harder for a macilious user to abuse any web app you write.