❑ open and read files directly (except under specific circumstances, as detailed in Chapter 18).
❑ create or edit files on the user’s computer (except cookies, which are discussed in Chapter 8).
❑ read HTTP POST data.
❑ read system settings, or any other data from the user’s computer that is not made available through language or host objects.
❑ modify the value of a file input field.
❑ alter the display of a document that was loaded from a different domain.
❑ close or modify the toolbars and other elements of a window that was not opened by script (i.e., the main browser window).
scripts, etc.) so if you stay away from those kinds of scripts, the issue will come up only rarely.