Alex Coventry wrote: > > <A HREF="http://example.com/comment.cgi? mycomment=<SCRIPT>malicious code</SCRIPT>">malicious code"> Click here</A> What would you expect to have happen here? cheers, Chris