Some APIs support scripting instructions as arguments. Methods that take
						scripted instructions (or references to scripted instructions) can be very
						flexible and powerful. However, if an attacker can specify the script that
						serves as input to these methods they can gain access to a great deal of
						functionality. For example, HTML pages support <script< tags
						that allow scripting languages to be embedded in the page and then
						interpreted by the receiving web browser. If the content provider is
						malicious, these scripts can compromise the client application. Some
						applications may even execute the scripts under their own identity (rather
						than the identity of the user providing the script) which can allow
						attackers to perform activities that would otherwise be denied to
						them.