Even if we
entirely, there is no way to protect against that distinct from general
restrictions on submissions from some user. The malicious user could
another source, a modifying proxy to insert it, or use a different
client-side tool to perform equivalent processing.
It's too bad we can't prevent massive damage that may result from
this. Oh well...
fact to determine his IP address even if he was behind a proxy, or
encourage him to install malicious ActiveX, or crash his browser. Let's
just say it wasn't a good choice of platform on his part.
-- Tim Starling