Andrew Nacin, WordPress core committer and employee at Audrey Capital, has released a new plugin called Filtered HTML for Editors. By default, Administrator and Editor users on WordPress sites can publish content without WordPress filtering it. Filtered HTML for Editors removes the ability for Editors to publish unfiltered content.
Nacin says he created the plugin in response to a reported, yet invalid, vulnerability in WordPress 3.0.4 regarding the rights of WordPress Editor roles. You can read more about the invalid vulnerability report on the WordPress development blog, and download the plugin, if you want to use it, from the WordPress plugin directory.
For the multisite peeps: This plugin is only relevant for single installs of WordPress, not multisite installs. On a multisite setup, only Super Admins have the unfiltered HTML capability. So. You won’t need this.