XWIKI-4874: Restrict unsafe HTML/JavaScript features of Wiki syntax to trusted users


Details

    • security

    Description

      XWiki allows any user to use all the power of Wiki syntax (especially HTML and JavaScript) almost everywhere, which makes it very flexible, but also vulnerable to various stored XSS attacks. For example, a user A who is only allowed to edit one page can insert a malicious script that will silently edit any other page he likes (or give A administrative rights) once another user B with higher privileges views the malicious page.

      I suggest adding an additional "HTML" access right that would allow the use of HTML macros (including features like parametrized paragraphs using (% style="..." onmouseover="<enter your script here>" %), custom image style using [[image:img.png||onload="<enter your script here>"]] etc.). This would make it possible to preserve the full flexibility where it is needed (trusted users) and allow untrusted users to edit or comment on some pages (e.g. blog) using a safe subset of Wiki syntax.
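The following is an added example and not XWiki's code nor anything attached to this issue: a Python sketch of the parameter policy the proposal describes. A hypothetical right named `html` gates the parameters the issue mentions; users without it have event-handler attributes (`on*`) and script-valued attributes stripped from `(% ... %)` group parameters and `[[image:...||...]]` image parameters, while harmless presentation parameters such as `style` and `width` are kept. The parsing of those two constructs is a deliberate simplification of XWiki 2.0 syntax, and the right name, the helper functions and the sample markup are all assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Hypothetical right name: the issue proposes an "HTML" right, but the real
# identifier in XWiki's right model is not given on this page.
HTML_RIGHT = "html"

# key="value" pairs, as written inside (% ... %) and after "||" in an image link.
PARAM_RE = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*"([^"]*)"')
# Simplified matchers for the two constructs named in the issue.
GROUP_PARAMS_RE = re.compile(r"\(%(.*?)%\)")
IMAGE_PARAMS_RE = re.compile(r"\[\[image:([^|\]]+)\|\|([^\]]*)\]\]")

# Any on* attribute is an event handler and therefore a script entry point.
EVENT_HANDLER_RE = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# Values that can execute script without an on* handler (javascript: URLs,
# legacy CSS expression()).
SCRIPT_VALUE_RE = re.compile(r"javascript\s*:|expression\s*\(", re.IGNORECASE)


def filter_parameters(params: Dict[str, str], rights: set) -> Tuple[Dict[str, str], List[str]]:
    """Return (kept, dropped). Trusted users (holding HTML_RIGHT) keep everything."""
    if HTML_RIGHT in rights:
        return dict(params), []
    kept: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in params.items():
        if EVENT_HANDLER_RE.match(name) or SCRIPT_VALUE_RE.search(value):
            dropped.append(name)
        else:
            kept[name] = value
    return kept, dropped


def _render(params: Dict[str, str]) -> str:
    return " ".join(f'{k}="{v}"' for k, v in params.items())


def sanitize_wiki_syntax(text: str, rights: set) -> Tuple[str, List[str]]:
    """Rewrite group and image parameters according to the caller's rights.

    Returns the rewritten markup and the list of parameter names removed.
    """
    dropped_all: List[str] = []

    def fix_group(m: re.Match) -> str:
        params = dict(PARAM_RE.findall(m.group(1)))
        if not params:  # e.g. a bare (%%) end marker: leave untouched
            return m.group(0)
        kept, dropped = filter_parameters(params, rights)
        dropped_all.extend(dropped)
        return f"(% {_render(kept)} %)" if kept else ""

    def fix_image(m: re.Match) -> str:
        params = dict(PARAM_RE.findall(m.group(2)))
        kept, dropped = filter_parameters(params, rights)
        dropped_all.extend(dropped)
        if kept:
            return f"[[image:{m.group(1)}||{_render(kept)}]]"
        return f"[[image:{m.group(1)}]]"

    text = GROUP_PARAMS_RE.sub(fix_group, text)
    text = IMAGE_PARAMS_RE.sub(fix_image, text)
    return text, dropped_all


# Constructed sample markup mirroring the two cases from the issue description.
SAMPLE = (
    '(% style="color:red" onmouseover="scriptHere()" %)Hello world '
    '[[image:img.png||onload="scriptHere()" width="100"]]'
)

if __name__ == "__main__":
    untrusted, removed = sanitize_wiki_syntax(SAMPLE, rights=set())
    print(untrusted, removed)
    trusted, removed = sanitize_wiki_syntax(SAMPLE, rights={HTML_RIGHT})
    print(trusted, removed)
```

The filter is an allow-by-default policy on names and values rather than a full HTML sanitizer; in a real deployment the check belongs where the rendering engine resolves parameters, so that every syntax path (paragraph parameters, image links, the HTML macro itself) goes through the same right check.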

People

    surli Simon Urli
    nickless Alex Busenius
    Votes: 0
    Watchers: 0