Gmail accounts ‘wide open to exploit’ through XSS (presumably in the form of an email).
Chris has a good explanation on XSS Self Defence.
While on the subject: was glancing at a PHP book called “PHP 4 Programming for Advanced Web Developers”, which you thankfully won’t find in the bookstores (electronic only for a limited online bookstore). Here’s a quote:
That suggests client-side validation is good enough (and makes me want to scream). Think there needs to be a place to report misinformation as well as application security holes.