In passing: on web security

The folks at the Caja project have compiled a great list of known attack vectors against Javascript engines and browsers, complete with detailed descriptions and examples.

If you're interested in web security, this paper on Caja is a great read (and the project is worth keeping an eye on).