--- planet/sanitize.py~ 2009-09-11 12:08:59.000000000 -0400
+++ planet/sanitize.py 2009-09-11 12:11:07.000000000 -0400
@@ -70,6 +70,12 @@
 # utility method to be called by descendants
 attrs = [(k.lower(), v) for k, v in attrs]
 attrs = [(k, k in ('rel', 'type') and v.lower() or v) for k, v in attrs]
+
+ for i in xrange (len (attrs)):
+ k,v = attrs[i]
+ if (( k == "src" ) or ( k == "href" ) ) and (v.find("javascript:") <> -1 ):
+ del attrs[i]
+
 return attrs
 
 def unknown_starttag(self, tag, attrs):
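Review bot: The added loop deletes from `attrs` while indexing over `xrange(len(attrs))`, whose range was fixed before the first `del`, so after any removal the element that slides into position `i` is skipped unchecked and the final index raises IndexError. Building a new list avoids both problems: `attrs = [(k, v) for k, v in attrs if not (k in ('src', 'href') and 'javascript:' in v.lower())]`. Even with that fix the test remains a substring deny-list on two attribute names, and the original compares the value without case-folding (only `rel`/`type` values are lowercased above), so it is easy for it to miss what it is meant to catch and it also drops harmless URLs that merely contain the string. Parsing the scheme out of the trimmed, lowercased value and keeping only an allow-list (for example http, https, mailto) would be the more robust check. The enclosing method starts above the hunk, so how callers react to an exception raised here cannot be seen from this patch.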