This is exactly what I was thinking as well; it's a great Scunthorpe example. Nothing from the body of a user article should ever be executed in any way. If blocking a list of strings is providing any security at all, you're already in trouble, because attackers will find a way around that specific block list.
> This looks like a variation of the Scunthorpe problem[1], where a filter is applied too naively

No.

> aggressively

No.

>, and in this case, to the wrong content altogether.

Yes - making it not a Scunthorpe problem.

Correct. And a great example of it.