The Cross Site Scripting Guide
Cross Site Scripting
Hacking Ruby on Rails at Railswaycon09
Ben Livshits and Weidong Cui Microsoft Research Redmond, WA.