IBM: Not eating its own dog food on cross-site scripting

Thanks to my buddy Ben Walther for this one. Looks like IBM’s guidance on protecting against cross-site scripting is, in fact, vulnerable to injection. Click here to see. 🙂