The spoiler tag seems to have a bit of a problem with url-encoded characters.

As an example, including a '&' in a spoiler tag will get into a recursive knicker-twisting scenario like this (entering 'Round & round'):

Spoiler:
Ebhaq &nzc; ebhaq

Wave the mouse pointer around over that for a bit and things get messy quite quickly.

It seems that the characters are being url-encoded first, before the text is ROT-13 coded and stored in the database, so '&' becomes '&nzc;'

The code which does the initial ROT-13 might need to do something similar to the javascript fix for the formatting, and disable ROT-13 between the '&' and ';' characters to preserve these character codes.

Changing the javascript to use 'textContent' instead of 'innerHTML' seems to stop the text spreading all over the place. (at least it does in Firefox using a quick Greasemonkey script to test it out) But is this one of those FF/IE differences that would screw everything up?

I'll have to come back to this later when I can spare some more time. Work gets in the way of all the fun stuff...