--- a/daily-edition.js	Wed Aug 11 21:53:39 2010 -0700
+++ b/daily-edition.js	Thu Aug 12 05:11:58 2010 +0000
@@ -1,3 +1,17 @@
+function isUrlSafe(url) {
+  if (typeof(url) != "string")
+    return false;
+  return (url.match("^https?://") != null);
+}
+
+function safeHtml(html) {
+  return html_sanitize(
+    html,
+    function urlPolicy(url) {
+      return isUrlSafe(url) ? url : null;
+    });
+}
+
 $(window).ready(
   function() {
     var req = new XMLHttpRequest();
@@ -33,7 +47,8 @@
                 function(article) {
                   var div = $("#templates .article").clone();
                   var date = article.pubDate.join(".");
-                  div.find(".title .link").html(article.title);
+                  var title = safeHtml(article.title);
+                  div.find(".title .link").html(title);
                   div.find(".title .link").attr("href", article.url);
                   div.find(".author").text(author);
 
@@ -41,7 +56,7 @@
                   article.content.forEach(
                     function(content) {
                       if (content.type == "text/html")
-                        html.push(content.value);
+                        html.push(safeHtml(content.value));
                     });
 
                   if (html.length > 0) {
@@ -52,9 +67,7 @@
                       // element, so do that to ensure it has some
                       // padding from everything around it.
                       content.html("<p>" + html[0] + "</p>");
-                  } else
-                    console.warn("no html content for", article,
-                                 "by", author);
+                  }
                   div.find(".date").text(date);
                   $("#articles").append(div);
                 });