Thank you very much for your detailed overview of the situation.
I didn't even realize there were all these other places, like AchievementList.pm, that generate messages. I guess the issue is that if a revised scrubber is placed too downstream, or the white list is made too short, one ends up potentially taking away useful features.
Anyway, in my fork of webwork2, I made changes to the scrubber settings so that it allows only the 'class' attribute, but allows all html tags except script. You are welcome to have a look:
These changes scrub messages pretty much right before they are presented to the webpage, so based on what you said, it's probably not the most ideal solution, since it might take away functionalities of other webwork features. So, perhaps right now it's at best something that serves to start a discussion. For testing purposes, I include below a few URL's that trigger unwanted alerts. They work only if the user logs on as a professor or admin. The changes I made to my fork appear to thwart these "attacks".
Thank you very much!