Hacker News: d1b's comments

Actually _right_now_ I cannot click "more" (on the first page) without hitting the "Unknown or expired link" page ... so I cannot go past the first page :/ -- Someone should submit a patch :)


I think in the GitHub and Launchpad case the security that a WAF normally offers would have been broken because the data to trigger the vector did not come through HTTP nor HTTPS. I suggest you have a play around with GitHub wikis; they already have 'html sanitization' built in.


This isn't going to fix anything that wouldn't be fixed via ensuring that stuff is escaped already on the page...
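An added example (written for this page, not code from the thread or from any of the sites named) of what "escaped already on the page" means in practice: untrusted text, here a constructed commit subject of the kind that reaches a repository host over git rather than HTTP, is escaped at the point of output, so the fix holds whether or not a WAF ever saw the input. The renderers, the sample strings and the `is_safe` check are all assumptions for illustration.

```python
"""Output escaping as the fix for untrusted content rendered into HTML.

Added example; not from the Hacker News thread. Scenario (constructed): a
commit subject or branch name arrives via git push, never through HTTP, so
a WAF never sees it, and is then rendered into a web page. Escaping at
output time neutralises it regardless of how it arrived.
"""
from html import escape

# Constructed sample inputs, the kind of text a repository host renders:
# commit subjects, branch names, wiki titles. Only the first is benign.
SAMPLE_INPUTS = {
    "benign": "Fix off-by-one in parser",
    "markup": "Use <b>bold</b> for emphasis",
    "script": "<script>alert(1)</script>",
    "attribute": 'x" onmouseover="alert(1)',
}


def render_unsafe(commit_subject: str) -> str:
    """Vulnerable: interpolates untrusted text directly into HTML."""
    return f'<li class="commit">{commit_subject}</li>'


def render_escaped(commit_subject: str) -> str:
    """Hardened: escape at the point of output. html.escape encodes
    < > & and, with quote=True (the default), also " and '."""
    return f'<li class="commit">{escape(commit_subject, quote=True)}</li>'


def render_attribute_escaped(branch: str) -> str:
    """Hardened: the same call is sufficient inside a double-quoted
    attribute value, because the quote characters are encoded too."""
    return f'<a href="/tree/{escape(branch, quote=True)}">{escape(branch)}</a>'


def is_safe(renderer, untrusted: str) -> bool:
    """Conservative check: the rendered fragment may contain only the
    template's own tags and quotes. Rendering the empty string yields the
    template alone; any extra '<' or '"' came from the untrusted input."""
    rendered = renderer(untrusted)
    template = renderer("")
    return (rendered.count("<") == template.count("<")
            and rendered.count('"') == template.count('"'))


def audit() -> dict:
    """Run every sample through both renderers.
    Returns {label: (unsafe_is_safe, escaped_is_safe)}."""
    return {label: (is_safe(render_unsafe, s), is_safe(render_escaped, s))
            for label, s in SAMPLE_INPUTS.items()}


if __name__ == "__main__":
    for label, (unsafe_ok, escaped_ok) in audit().items():
        print(f"{label:10s} unsafe={'ok' if unsafe_ok else 'INJECTED':9s} "
              f"escaped={'ok' if escaped_ok else 'INJECTED'}")
```

The point the check makes is that escaping belongs where the text meets the HTML context, not at the network edge: the transport the data arrived on is irrelevant to `render_escaped`.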


I spent around 3 hours on GitHub (found the bugs after like 2 hours and spent another 1 playing with wiki markup --- it is sanitized, don't bother), 1 hour on Bitbucket, 30 minutes on Gitorious (obviously the bug I found was found very quickly after signing up) and ~1 1/2 hours looking at the Launchpad subdomain.

I did this over like the past 100 days.

