Do we have backups for all the data in Redmine?

If so, how often and where are the backups hosted?

If not, then we should start backing up the data because losing it
would be the suck.

There's no way around it, we're going to need a good sanitizer for
comment/description/etc html **regardless** of
`whether or not we use markdown <http://bugs.foocorp.net/issues/363#note-5>`_
... so I think the html cleaner should:


-  use
   `lxml.html.clean <http://lxml.de/lxmlhtml.html#cleaning-up-html>`_
-  Use **only whitelisted tags**... this is possible through lxml,
   we need to do it right. Tags I think we'll need to allow: b, i, em,
   strong, p, ul, ol, li, a, br. (any others?)
-  Only whitelisted attributes
-  XSS attribute attack prevention, other XSS prevention stuff...
   see the lxml.html.clean docs.
-  have tests that try to attack each one of these components.

In the future it might be a good idea to also prevent certain other
annoying things... deeply nested

.. raw:: html

   <p>
   
's, etc. But for now I think this will be good enough.

Out of random thinking, I was pondering about a Workbench class.

This ticket is mainly to not loose the discussion points, etc.

Ideas, etc will pop up on my dev/workbench\_class branch.