Posts Tagged ‘css’

CSS3, MOFO, DO YOU SPEAK IT!?!

Wednesday, April 1st, 2009

A colleague found a rather cute pop culture spoof recently that’s worth sharing. If you develop web content on a regular basis then I think this’ll really touch a nerve:

http://www.elliottkember.com/ie.html (contains some contextually-appropriate coarse language)

Did you notice the little peel-away flap in the top-left corner? :)

WordPress 2.7, now with fewer absurd bugs

Tuesday, March 10th, 2009

I went ahead and upgraded the installation of WordPress we use for this blog from 2.6 to 2.7 – you won’t notice anything mind you, but we get a completely different admin interface under the hood. Keeping things up to date is always a good idea from a security standpoint, but I also wanted to address an odd issue that wasn’t present in my own personal installation of 2.7.

I’d noticed a little while ago that the font-colour controls in the editor didn’t seem to work. I could select the text and apply the colour, but the change disappeared once I saved the changes. Looking at the HTML, something odd was afoot:

<span style="#990000">lorem ipsum dolor</span>

Definitely not the expected behaviour: the “color:” was being stripped out of the style attribute. A little further searching revealed the treachery: wp-includes/kses.php

kses.php performs data sanitisation, mostly to do with handling dodgy/exploitable code in posts and comments. The editor implements colours in the expected manner using inline CSS, but the sanitiser strips it out! I imagined that surely this was well-tested, but trawling Google for likely problem reports was largely fruitless.

There were a couple of posts from people who’d run into this same issue, but the fix was largely unsatisfactory.

Why unsatisfactory? Because you add the desired CSS attributes to an array in kses.php called “$allowed_protocols” – a rather nasty hack to my mind. In WordPress’ defence, I didn’t perform a vanilla installation and verify the issue was still there with no user modifications – it would have been substantial effort for a problem that could be fixed by keeping up to date anyway. No hard feelings, guys.
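
A simplified model of the behaviour described above, added here as an illustration; it is not WordPress's kses.php code. Only the name $allowed_protocols comes from the post; the function names, the list contents and the CSS rules are assumptions. It contrasts the scheme-list workaround with a property-level allow-list for style values.

```php
<?php
// Simplified model for illustration; not WordPress's kses.php.
// Only the name $allowed_protocols comes from the post. Its contents, the
// function names and the CSS rules are assumptions made for this example.
$allowed_protocols = ['http', 'https', 'mailto'];

// Treats a leading "word:" in an attribute value as a URL scheme and removes
// it when the scheme is not on the allow-list.
function strip_bad_protocol(string $value, array $allowed): string
{
    if (preg_match('/^\s*([a-z][a-z0-9+.-]*)\s*:\s*/i', $value, $m)
        && !in_array(strtolower($m[1]), $allowed, true)) {
        return substr($value, strlen($m[0]));
    }
    return $value;
}

// Style-aware alternative: split the value into declarations and keep only
// allow-listed properties whose values match a strict pattern.
function filter_style(string $style, array $rules): string
{
    $kept = [];
    foreach (explode(';', $style) as $decl) {
        if (strpos($decl, ':') === false) {
            continue;
        }
        [$prop, $val] = array_map('trim', explode(':', $decl, 2));
        $prop = strtolower($prop);
        if (isset($rules[$prop]) && preg_match($rules[$prop], $val)) {
            $kept[] = "$prop: $val";
        }
    }
    return implode('; ', $kept);
}

$css_rules = ['color' => '/^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i'];
$style = 'color: #990000';                       // constructed sample input
$mixed = 'color: #990000; position: fixed';      // constructed sample input

// Scheme filter alone: "color:" is dropped, matching the symptom in the post.
echo strip_bad_protocol($style, $allowed_protocols), "\n";

// The workaround: "color" becomes an accepted scheme for every attribute
// this filter runs on, and the rest of the style value is never inspected.
$patched = array_merge($allowed_protocols, ['color']);
echo strip_bad_protocol($mixed, $patched), "\n";

// Property allow-list: the colour survives, the unlisted property is dropped.
echo filter_style($mixed, $css_rules), "\n";
```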
