Hi, A while ago I got this bug report for pathauto: http://drupal.org/node/121276 I tried and tried but couldn't reproduce the thing. As you can read from the issue it was quite confusing. That was frustrating. Then today someone figured out that their WYSIWYG editor was inserting an into the textarea. That was the cause of the bug. Chx suggested we handle this in the following manner: Can't we have a warning on he WYSIWYG editor project pages that if "you use this module, you are not entitled to support on core, any other module and also, security is your problem now, not ours?" Thoughts on other solutions? I'm thinking about going through all the WYSIWYG editors and adding a critical issue that they disable themselves on all textareas in the admin/* url-space. I post this here because I want to 1) get some collective ideas on brainstorming 2) warn other users from using WYSIWYG editors on admin/ pages 3) alert module maintainers that if your settings page has a textarea input you should be aware of this as a possible cause of problems Regards, Greg