For those of you who have been following the much anticipated Content Security Policy - you’ll be excited to know it’s currently available for early preview. The guys at Mozilla have a blog post explaining the details of where Content Security Policy is and asking for input. As you’d expect it’s not as full featured as it will probably end up being when it finally gets released, but if you want a chance to tell Mozilla what you think, this is the place to go.
They also include a demo page so that you don’t have to do your own development, you can just try it out right on their site. The demo page can be found here. For anyone interested in solving XSS issues on sites that need to allow it by policy (because of user demand), this is something you should definitely look into. Come to think of it, user generated HTML kind of reminds me of this picture. If it seems like a bad idea, it probably is - but maybe we can make a bad idea worth it after all: