Been reading about Cross-site scripting today on Wikipedia just to see if there was anything I didn’t already know. I’m in the process of code reviewing the entire Pcphpjs code base to remove all the XSS vulnerabilities that I left latent while hacking it together and learning the CodeIgniter and Doctrine frameworks. Now things are relatively stable so I’m going to go over the whole thing and refactor it with a view to code reviewing data handling for HTML injection while I’m at it.