Jordan Weins post about the exact problem with offensive defense systems on his blog How Not to protect your webap. Great job Apple, the word “script” is so evil I can’t do a search for Applescript. So would argue this is a good thing, especially if they have seen any of the Applescript I have written. This smells like someone who does not understand Web Application Security, specifically cross site scripting, created a rule to block the one bad vector they could think of, while not thinking through the impact of that rule. Now if someone could just import that rule onto the MS website maybe we could rid the world of VBScript.