--- JSON-XS/XS.pm	2007/06/11 03:45:26	1.41
+++ JSON-XS/XS.pm	2007/06/14 23:58:57	1.42
@@ -722,6 +722,14 @@
 of. In that case, you get to keep the pieces. I am always open for hints,
 though...
 
+If you are using JSON::XS to return packets to consumption
+by javascript scripts in a browser you should have a look at
+L<http://jpsykes.com/47/practical-csrf-and-json-security> to see wether
+you are vulnerable to some common attack vectors (which really are browser
+design bugs, but it is still you who will have to deal with it, as major
+browser developers care only for features, not about doing security
+right).
+
 
 =head1 BUGS