[thelist] more XSS vectors to be aware of

trevor trevor at intospace.ca
Sat Feb 9 11:34:25 CST 2008


Greetings!

I know some people on this list are keeping aware of security issues - I 
recently discovered this thread, and I thought I would share, so any 
webmasters out there who inspect their own weblogs and such can test this 
for themselves.

http://www.technicalinfo.net/blog/security/20080121_UserAgentAttacks.html

I tested a bunch of variants, while using a couple "popular" stats reporting 
apps, and they were sanitizing properly - but in case anyone is rolling 
their own, hope it helps someone.

best regards,
trevor




