Reviewing code for Cross-site scripting vulnerabilities