When unavoidable, perform rigorous white-list based filtering ... A real world example is hard-coding the username and password into the JavaScript on the client-side. Implementing logical ...