"ANTLR is a big topic, so this is a big article." - ANTLR is a programming language parser/lexer written in Java.
And speaking of JScript...
The XSS Vulnerability
The links you can add to your profile weren't escaped properly. Angle brackets (<) were stripped from the URL, but quotation marks were not. This allowed a very simple hack: I could just enter something resulting in the following HTML on my profile page:
<a href="http://www.google.com" onmouseover="evilscript();" rel="me">FooBar</a>
Of course, this is only a tiny link on my profile page. How likely is it that someone mouses over it? Well, this was easily fixed with some CSS styles in my URL:
style="z-index:999999; position:absolute; top:0; left:0; font-size:200pt; text-decoration:none;"
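The escaping flaw described above, shown next to a corrected renderer. This is an added example, not code from the original post or from the affected site. The function names are hypothetical, and the sample input is the URL value implied by the markup shown in the post.

```javascript
// Renderer with the flaw the post describes: angle brackets are stripped
// from the URL, quotation marks are left alone.
function renderLinkVulnerable(url, text) {
  const cleaned = url.replace(/[<>]/g, "");
  return `<a href="${cleaned}" rel="me">${text}</a>`;
}

// Encode every character that can end a quoted attribute value or start markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened renderer (assumed design): allowlist the scheme, then encode
// the value for the attribute context it is written into.
function renderLinkSafe(url, text) {
  if (!/^https?:\/\//i.test(url)) return null; // rejects javascript:, data:, etc.
  return `<a href="${escapeHtml(url)}" rel="me">${escapeHtml(text)}</a>`;
}

// Names of the attributes a browser would see on the opening tag.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf(">") + 1);
  return [...openTag.matchAll(/\s([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Input taken from the markup shown in the post.
const profileUrl = 'http://www.google.com" onmouseover="evilscript();';

// Flawed renderer: the quote closes href and an event handler attribute appears.
console.log(attributeNames(renderLinkVulnerable(profileUrl, "FooBar")));
// Hardened renderer: the whole input stays inside href as inert text.
console.log(attributeNames(renderLinkSafe(profileUrl, "FooBar")));
```

Because the quotation marks are encoded, the style attribute shown above cannot be injected through the same field either: it would also remain part of the href value.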