What the heck are you talking about??? By day I'm a developer of web server security software and I'd really love to know what in HTML allows you to "take control of a server!" Yes, running a web server is risky business because of CGI's, etc. which, if improperly configured, could allow a Bad Person (tm) to do Bad Things (tm) to your beloved web server. But tell me how allowing HTML to be added to BBS posts can "allow control of a server!" I'm serious, knowing this could give me a big raise at work!

And Peter, none of those table examples crash my browser. They might not get rendered properly, but they certainly don't constitute "denial of service" except for poorly written browsers. And the server could always check for too many nested tables when entering posts and complain. Besides, that's more of a client thing, the way people are talking here, you'd think every web server which displayed HTML was a wide open backdoor to root the server. How the hell do web site providers which allow users to upload HTML files stay in business then?