Recovered from the Wayback Machine.
I never realized before that the difficulty with XHTML and allowing comments has a solution so breathlessly simple that I hit myself for not having seen it before.
I have configured the htmLawed module to “scrub” comments, but that wasn’t the solution. The solution is not to allow a person to save a comment until they preview the comment, first. If the input is invalid XHTML, they won’t see the form, or the form save button, in order to save the comment.
htmLawed should help with the accidentally invalid XHTML, and preview should help eliminate the deliberately invalid XHTML. We hope.
I’ve turned comments on. We’ll see how it goes.
update
Yesterday I discovered that the htmLawed module was still allowing the infamous U+FFFF et al through, and submitted a bug. Today, the htmLawed Drupal module was just updated to point to htmLawed source 1.0.9, which neutralizes the illegal Unicode characters that caused so many problems with my WordPress installations.
I am absolutely astonished at how fast and how responsive the htmLawed Drupal module developers are. I submitted a bug yesterday, and it was fixed by today. My comments should now be XHTML safe.