Is being able to include aribitrary JS code a good security practice?
Permalink
Both the HTML and the Content block allows a user with editing permissions to include arbitrary javascript code in pages. Shouldn't that be considered a security vulnerability as a user can include malicious code that might affect other users of the site?