A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user.One paragraph, two big sentences. Re-read as needed. :)
I'll be interested to see how Microsoft and AOL Time Warner's Netscape respond to this one. Thanks to Slashdot for the news.