Configuration Ideas Here are some theoretical configuration ideas that we could implement some time. Note the naming convention: %Namespace.Directive %Attr.IDPrefix - prefix all ids with this %Attr.RewriteFragments - if there's %Attr.IDPrefix we may want to transparently rewrite the URLs we parse too. However, we can only do it when it's a pure anchor link, so it's not foolproof %Attr.ClassBlacklist, %Attr.ClassWhitelist, %Attr.ClassPolicy - determines what classes are allowed. When %Attr.ClassPolicy is set to Blacklist, only allow those not in %Attr.ClassBlacklist. When it's Whitelist, only allow those in %Attr.ClassWhitelist. %Attr.MaxWidth, %Attr.MaxHeight - caps for width and height related checks. (the hack in Pixels for an image crashing attack could be replaced by this) %URI.AddRelNofollow - will add rel="nofollow" to all links, preventing the spread of ill-gotten pagerank %URI.RelativeToAbsolute - transforms all relative URIs to absolute form %URI.HostBlacklistRegex - regexes that if matching the host are disallowed %URI.HostWhitelist - domain names that are excluded from the host blacklist %URI.HostPolicy - determines whether or not its reject all and then whitelist or allow all in then do specific blacklists with whitelist intervening. 'DenyAll' or 'AllowAll' (default) %URI.DisableIPHosts - URIs that have IP addresses for hosts are disallowed. Be sure to also grab unusual encodings (dword, hex and octal), which may be currently be caught by regular DNS %URI.DisableIDN - Disallow raw internationalized domain names. Punycode will still be permitted. %URI.ConvertUnusualIPHosts - transform dword/hex/octal IP addresses to the regular form %URI.ConvertAbsoluteDNS - Remove extra dots after host names that trigger absolute DNS. While this is actually the preferred method according to the RFC, most people opt to use a relative domain name relative to . (root).