Index: openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl,v diff -u -r1.24 -r1.25 --- openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl 24 Oct 2003 12:30:12 -0000 1.24 +++ openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl 29 Oct 2003 18:12:30 -0000 1.25 @@ -611,9 +611,6 @@ [ad_parameter_all_values_as_list -package_id [ad_acs_kernel_id] AllowedAttribute antispam] \ [ad_parameter_all_values_as_list AllowedAttribute antispam]] - set allowed_url_attributes_list [concat \ - [ad_parameter_all_values_as_list -package_id [ad_acs_kernel_id] AllowedURLAttribute antispam] [ad_parameter_all_values_as_list AllowedURLAttribute antispam]] - set allowed_protocols_list [concat \ [ad_parameter_all_values_as_list -package_id [ad_acs_kernel_id] AllowedProtocol antispam] \ [ad_parameter_all_values_as_list AllowedProtocol antispam]] @@ -626,9 +623,6 @@ foreach attribute $all_allowed_attributes_list { set allowed_attribute([string tolower $attribute]) 1 } - foreach attribute $allowed_url_attributes_list { - set url_attribute([string tolower $attribute]) 1 - } foreach tagname $allowed_tags_list { set allowed_tag([string tolower $tagname]) 1 } @@ -649,7 +643,7 @@ # The tag was valid ... now let's see if it's on the allowed list. set tagname [string tolower [string range $html [lindex $name_idx 0] [lindex $name_idx 1]]] - if { ![info exists allowed_tag($tagname)] } { + if { ![info exists allowed_tag($tagname)] && ![info exists allowed_tag(*)] } { # Nope, this was a naughty tag. return "For security reasons we only accept the submission of HTML containing the following tags: [join $allowed_tags_list " "]. 
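Review bot: The `allowed_tag(*)` test added in the `-649,7` hunk turns the tag allowlist into a no-op as soon as one configured value is a literal `*`, and nothing in the hunk documents that. The attribute and protocol lists visible in the first hunk concatenate kernel-level and package-level parameter values; if the tag list is built the same way (not visible here), a `*` at either level would let every tag through. The same fail-open pattern is repeated for attributes and protocols in the `-668,12` hunk. I would add a comment above the test, `# A literal "*" in the allowed-tag parameter disables tag filtering entirely; only for sites where every submitter is trusted.`, and make the state visible to operators with something like `ns_log Notice "HTML security check: tag wildcard active, tag filtering disabled"`. The enclosing proc starts and ends outside the hunk.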
@@ -668,12 +662,12 @@ set attr_name [lindex $attribute 0] set attr_value [lindex $attribute 1] - if { ![info exists allowed_attribute($attr_name)] } { + if { ![info exists allowed_attribute($attr_name)] && ![info exists allowed_attribute(*)] } { return "The attribute '$attr_name' is not allowed for $tagname tags" } if { [regexp {^\s*([^\s:]+):} $attr_value match protocol] } { - if { ![info exists allowed_protocol([string tolower $protocol])] } { + if { ![info exists allowed_protocol([string tolower $protocol])] && ![info exists allowed_protocol(*)] } { return "Your URLs can only use these protocols: [join $allowed_protocols_list ", "]. You have a '$protocol' protocol in there." }
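Review bot: Once `allowed_attribute(*)` is set, the only check left on an attribute is the scheme regexp on its value, and that regexp only fires for values that begin with `name:`. Event-handler attributes carry script with no scheme prefix, so the attribute wildcard appears to permit script content even when the protocol list stays restrictive. If the wildcard is meant to be usable where submitters are not fully trusted, keep a minimal reject under it, for example `if { [info exists allowed_attribute(*)] && [string match "on*" [string tolower $attr_name]] } { return "The attribute '$attr_name' is not allowed for $tagname tags" }`. Otherwise a comment should state that `*` here is for trusted input only. The loop and proc around these lines start outside the hunk, so whether `$attr_name` is already lower-cased cannot be confirmed from here.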