:A: See `Malicious HTML Tags Embedded in Client Web Requests <http://www.cert.org/advisories/CA-2000-02.html>`_
and `Understanding Malicious Content Mitigation for Web Developers <http://www.cert.org/tech_tips/malicious_code_mitigation.html>`_
at `CERT <http://www.cert.org/>`_ for an overview of Cross-Site Scripting
- (XSS) issues. It is ultimately up to the developer to remove potential XSS
- vulnerabilities from their apps and sites.
+ While it is ultimately up to the developer to remove potential XSS
+ vulnerabilities from their apps and sites, there are several Cherrypy
+ settings that can help. They are discussed in the
+ :doc:`programmer's guide </progguide/security>`.
:Q: Why does CherryPy take CPU/RAM even though it's not yet receiving requests?