2010 Jul 5, 4:23Cross-site scripting attack on YouTube over the weekend: "That turned out to be as simple as using two script tags in a row (<script><script>fun scripting stuff goes here!), as noted by
F-Secure researcher Mikko H. Hypponen on Twitter—the first of the two tags would get stripped, and the second was allowed through."
technical youtube security cross-site-scripting javascript 2006 Nov 6, 6:04Blog entry on Cross Site Scripting. Takes the perspective of both attacker and AJAX app writer. Useful for deployment mechanism of javascript worms.
javascript security blog article cross-site-scripting ajax