Browsing: cross site scripting and csrf