Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF
from
Mark Stanton