A Billion More Laughs: The JavaScript hack that acts like an XML attack
Don is off in Lowell working on a project with our ARX folks so I was working late last night (finishing my daily read of the Internet) and ended up reading Scott Hanselman's discussion of threads ve...
Another option is to control what you know. Javascript is fine as long as you are the one including it. Disable Javascript for all non-known entities (ie, comments, trackbacks, etc). This could help a bit...