> They had the exact same problems w/XSS, no input validation. Input validation? Don't you mean output escaping? You must not allow uber leet usernames like |<33|>. :) -john cambpell