British Airways data theft demonstrates need for cross-site scripting restrictions

>