http://shiflett.org/

http://shiflett.org/talks/apachecon2003

http://www.phparch.com/sample.php?mid=16

http://httpd.apache.org/info/css-security/

http://www.cgisecurity.com/articles/xss-faq.shtml

http://linux.duke.edu/projects/mini/htmlfilter/

http://www.tux.org/~peterw/csrf.txt