User blog comment:Drew1200/Customs Template/@comment-5153769-20140321164549

The most harm anyone who actually knew what they were doing could do would be to somehow get a login token and be able to log in as a user. Which is bad, but no one here has a clue what they are doing. Not to mention that most browsers would probably prevent it. Most XSS hacks I have found only target certain older browsers, and don't always work.