4. XSS and CSRF