With the advent of AJAX, I've been noticing more articles about Javascript security, like this one: http://news.zdnet.com/2100-1009_22-6099891.html?tag=nl.e540 which claim that security can only be attained at the server. The article does not go into what kind of security specifically. So I was wondering, what do people recommend to protect against cross-site scripting, etc.? Mark W.