Board Thread:Code Review/@comment-4356266-20151008134915/@comment-4356266-20151011090144

I went ahead and replaced mw.html.escape with a /on\w+="[\s\S'][^"]*"/ig regex replace that is hopefully able to capture all those event attributes. If anyone has a better way of doing this (removing those attributes), assuming this is the xss vector we're trying to prune, it'd be much appreciated.