[SECURITY] XSS in validateForm