Translations:Cross-site scripting/10/en

POST requests are also vulnerable, using offsite JavaScript.