changeset 208:36b6354de5cb

Profile form should escape entities. Apply ^href conversion to Profile
author HIROSE Yuuji <yuuji@gentei.org>
date Tue, 26 Apr 2016 08:06:35 +0859
parents 355fcbdc3b49
children 70fa878fe3ea
files examples/common/default/default.css s4-blog.sh s4-cgi.sh s4-funcs.sh
diffstat 4 files changed, 9 insertions(+), 3 deletions(-) [+]
--- a/examples/common/default/default.css	Mon Apr 25 19:47:27 2016 +0859
+++ b/examples/common/default/default.css	Tue Apr 26 08:06:35 2016 +0859
@@ -61,6 +61,8 @@
     position: fixed; bottom: 0; left: 0;
     z-index: 2; background-color: rgba(250,222,222,0.6);
 }
+div.blogcomment textarea:focus {background: yellow;
+    position: fixed; top: 0; bottom: auto; }
 div.blogcomment * {opacity: 1.0;}
 table.bloghead, .bloghead tr, .bloghead td {
     border: 1px solid black; border-collapse: collapse;
--- a/s4-blog.sh	Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-blog.sh	Tue Apr 26 08:06:35 2016 +0859
@@ -216,7 +216,7 @@
 $tm
 ${notify:+$nt}</td><td>`echo "$hte"|unhexize|htmlescape`
 EOF
-      sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+      hreflink
       for i in $imgids; do
 	mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}`
 	fn=`echo "${i#*:}"|unhexize`
--- a/s4-cgi.sh	Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-cgi.sh	Tue Apr 26 08:06:35 2016 +0859
@@ -82,7 +82,7 @@
 	
       esac
     fi
-    val="`cat $dir/$file`"
+    val="`cat $dir/$file|htmlescape`"
     cat<<EOF
  <tr><td>($i)</td><td>
 <input class="action" type="radio" name="action.$vname" id="keep.$vname"
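Review bot: The new `val=` line still expands `$dir/$file` unquoted inside backticks, so a path containing whitespace or glob characters is split before `cat` sees it, and a failed `cat` is masked by the assignment. `val=$(cat "$dir/$file" | htmlescape)` keeps the escaping and fixes the quoting. Where `$val` is emitted is outside this hunk, so whether it ends up inside an attribute value (which would need quote escaping as well as entity escaping) cannot be confirmed from here.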
--- a/s4-funcs.sh	Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-funcs.sh	Tue Apr 26 08:06:35 2016 +0859
@@ -427,6 +427,9 @@
   fi
   echo  "\">`gecos $1`</a>"
 }
+hreflink() {
+  sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+}
 acclog() (
   # $1=table, $2=rowid
   n=${2%%[!0-9]*}	# Remove non-digit chars from $2(should be rowid)
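Review bot: `hreflink` turns any line beginning with `href=` into an anchor without restricting the URL scheme, so a stored value using a non-http scheme becomes a clickable link; the character class does keep out quotes, spaces and `>`, which prevents attribute injection, but not the scheme. Limiting the match to web URLs, `s|^href=\(https\{0,1\}://[-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|`, keeps the feature and removes that exposure. The second hunk pipes `htmlescape` output into this function; if `htmlescape` rewrites `&` as `&amp;`, the `;` (not in the class) ends the match and truncates the link at the first query parameter, so `;` would need to be added to the class. A one-line header would also help readers, e.g. `# Convert a leading "href=URL" line into an <a> element (stdin -> stdout)`.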
@@ -2573,7 +2576,8 @@
 	  form=`$cgiform $name $td`
 	  val=$(echo "$val"|
 		     while read fn; do
-		       echo "<tr><td>`cat $td/$fn`</td></tr>$nl"
+		       echo "<tr><td>`cat $td/$fn|htmlescape|hreflink`
+			</td></tr>$nl"
 		     done)
 	  val="<table>$nl$val$nl</table>"
 	else
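Review bot: Splitting the `echo` argument across two lines puts a literal newline and the continuation's leading tabs inside the emitted `<td>`, which is a change in output from the old single-line form even if browsers collapse it; if the split is only for line length, keep `</td></tr>$nl` on the same line as the closing backtick. The loop's `while read fn` (context line) reads file names without `-r`, so a backslash in a name is mangled before `cat $td/$fn` is run; `while read -r fn` is the safe form, and `"$td/$fn"` should be quoted. The enclosing function starts outside this hunk.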
