Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

IF that works (and I am not sure it will), it was a serious breach of programming know for several years. All the code that I ever checked had a magic key from the preceding form that was passed thereby authenticating the submitted form.