Showing posts from December, 2010

Google Website Optimizer Security Issue

If you're a Google Website Optimizer user then you've probably already received and read the email below. If you've not, but do use Google Website Optimizer, then you may need to update your code to prevent an XSS attack. There's no mention of the fix or issue on http://websiteoptimizer.blogspot.com/, but in the interests of getting people up to speed as quickly as possible, here is a copy of the email containing the fix needed, with thanks to Trevor Claiborne from Google. This applies to any scripts created before December 3rd, 2010.

Dear Website Optimizer user,

We are writing to inform you of a potential security issue with Website Optimizer. By exploiting a vulnerability in the Website Optimizer Control Script, an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of