• Cross Site Scripting”, http://en.wikipedia.org/wiki/Cross-site_scripting, Wikipedia
  • “JSONRequest”, http://json.org/JSONRequest.html, Douglas Crockford

  • “ADSafe”, http://www.adsafe.org/, Douglas Crockford
  • SMash: Secure Cross-Domain Mashups on Unmodified Browsers, Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, Sachiko Yoshihama, IBM Corporation

  • Cross Site Request Forgery, http://www.owasp.org/index.php/Cross-Site_Request_Forgery, WikiPedia

  • Mitigating Cross-site Scripting With HTTP-only Cookies, http://msdn2.microsoft.com/en-us/library/ms533046.aspx, Microsoft

  • “Fixing browser security: SameRefererOnly”, http://getahead.org/blog/joe/2007/08/07/fixing_browser_security_samerefereronly.html, Joe Walker

  • Mashup Security Approaches”, http://www.openajax.org/member/wiki/Mashup_Security_Approaches, OpenAjax Alliance
  • “Cross Domain Data Exchange Using Cascading Style Sheet as Data Carrier”, http://openajax.org/pipermail/communicationshub/attachments/20070929/db4bf7f0/attachment-0001.doc , Gideon Lee, OpenSpot
  • How do I make my site 'light up' with Internet Explorer 8, http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/DevelopersNew.htm, Microsoft