on ‘a list apart’ is an article on the security of your online community site, specifically concerning cross site scripting (XSS). it’s a good overview of what can happen (and definitely read the linked article re: my space’s ‘sammy is a hero’ worm) and some suggestions. part 2 (coming) will get into the code to prevent attacks.