I'll see your cross site scripting and raise you a Content Security Policy Lou Leone :: Rochester OWASP.
