The primary inspiration for this talk is the various security issues I have discovered in web applications (BOSH or otherwise) over the past years. This was originally meant to be a short length discussion at the Summit, but I was encouraged by various folks to do this at FOSDEM as the talk can appeal to a broader audience. The talk is developer oriented. Most of the ideas would apply to displaying any untrusted user provided content in a web-based environment, even in applications which are not BOSH based.