Security alert 0000005

A cross-site scripting (XSS) attack was possible with carefully crafted URLs.

Fix is to upgrade to version 0.9.9 or 1.0.0beta2.