Translations:Security checklist for developers/55/en

User provided CSS (Say for use in a $1 attribute) needs to be sanitized to prevent XSS, as well as to disallow insertion of tracking images (via background-image), etc