I can't think of a reliable way to filter out "malicious" code without also having many false positives.
Without having seen their solution, I feel that the browser is the wrong place to fix this kind of problem anyway. Much like PHP tried to prevent SQL Injection Attacks with "Magic Quotes" - we all know how that went.
Without having seen their solution, I feel that the browser is the wrong place to fix this kind of problem anyway. Much like PHP tried to prevent SQL Injection Attacks with "Magic Quotes" - we all know how that went.