This chapter discusses the potential risks and vulnerabilities of running arbitrary code on websites, focusing on self-XSS attacks and the use of Content Security Policy (CSP) to prevent JavaScript injection. The speakers highlight the benefits of using Sentry for handling CSP reports and the challenges in identifying hackers amidst violation reports.