Index: openacs-4/packages/acs-tcl/acs-tcl.info =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v diff -u -r1.95.2.41 -r1.95.2.42 --- openacs-4/packages/acs-tcl/acs-tcl.info 23 Feb 2022 14:18:37 -0000 1.95.2.41 +++ openacs-4/packages/acs-tcl/acs-tcl.info 3 Mar 2022 18:40:12 -0000 1.95.2.42 @@ -9,7 +9,7 @@ f t - + OpenACS The Kernel Tcl API library. 2021-09-15 @@ -18,7 +18,7 @@ GPL version 2 3 - + Index: openacs-4/packages/xowiki/xowiki.info =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/xowiki.info,v diff -u -r1.180.2.87 -r1.180.2.88 --- openacs-4/packages/xowiki/xowiki.info 21 Feb 2022 11:53:55 -0000 1.180.2.87 +++ openacs-4/packages/xowiki/xowiki.info 3 Mar 2022 18:40:12 -0000 1.180.2.88 @@ -10,7 +10,7 @@ t xowiki - + Gustaf Neumann A xotcl-based enterprise wiki system with multiple object types 2021-09-15 @@ -55,11 +55,11 @@ BSD-Style 2 - + - + Index: openacs-4/packages/xowiki/tcl/form-field-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/form-field-procs.tcl,v diff -u -r1.284.2.198 -r1.284.2.199 --- openacs-4/packages/xowiki/tcl/form-field-procs.tcl 2 Mar 2022 14:03:16 -0000 1.284.2.198 +++ openacs-4/packages/xowiki/tcl/form-field-procs.tcl 3 Mar 2022 18:40:12 -0000 1.284.2.199 
@@ -3426,21 +3426,42 @@ } richtext instproc check=safe_html {value} { - # don't check if the user has sufficient permissions on the package + # + # Don't check, if the user has sufficient permissions on the + # package + # if {[::xo::cc permission \ -object_id [::xo::cc package_id] \ -privilege swa \ -party_id [::xo::cc user_id]]} { set msg "" } else { - set msg [ad_html_security_check $value] + # + # Check, if the package has global settings for AllowedTags, + # AllowedAttributes, or AllowedProtocols. If (some of) these + # exist, use these for configuring "ad_html_security_check". If + # not, fall back to the default (site wide) definition. + # + set package_key [apm_package_key_from_id [${:object} package_id]] + set options {} + foreach var {attributes tags protocols} { + set params [parameter::get_global_value \ + -package_key $package_key \ + -parameter Allowed[string totitle $var] \ + -default ""] + if {$value ne ""} { + lappend options -allowed_$var $params + } + } + set msg [ad_html_security_check {*}$options $value] } if {$msg ne ""} { :uplevel [list set errorMsg $msg] return 0 } return 1 } + richtext instproc pretty_value {v} { # for richtext, perform minimal output escaping if {[:wiki]} { @@ -3992,7 +4013,7 @@ } } } - + ########################################################### # # ::xowiki::formfield::richtext::wym
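Review bot: The guard inside the `foreach` in check=safe_html tests the wrong variable: `if {$value ne ""}` looks at the richtext content being checked, not at the parameter value fetched into `params` on the line above, so whenever the field is non-empty every option is appended even when the package parameter is unset, and `ad_html_security_check` receives `-allowed_tags ""`, `-allowed_attributes ""` and `-allowed_protocols ""` instead of falling back to the site-wide defaults as the new comment promises. The line should read `if {$params ne ""} {`. How an empty allowed list is treated inside `ad_html_security_check` is not visible here, but either outcome (everything rejected, or the site-wide allow-list silently replaced by an empty one) differs from the documented intent, so it is worth a test with no package parameters set. Separately, the privilege check resolves the package via `[::xo::cc package_id]` while the parameter lookup uses `[${:object} package_id]`; if those can ever differ, the allow-lists come from a different package than the one the swa bypass is evaluated against, and a short comment stating why both are used would help.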