[ozwald]

I was looking on my website, and someone had posted this (exactly as it would appear to any visitor in a browser):

Code:

test security
[_url=javascript:alert('traditional')]normal way[_/url]
[_url=javascript:alert("XSS")]boom[_/url][_url=javascript:alert('XSS'&#41]O_o[_/url]
[_url=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041]more[_/url]
[_url=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29]boom[_/url]
[_url=jav	ascript:alert('XSS');]even more[_/url]
[_url=jav
ascript:alert('XSS');]bad[_/url]
[_url=jav
ascript:alert('XSS');]bad[_/url]

-- Note that I've added "_" so this forum wouldn't process the url tags. Note also that I have [url] tags available to my users, and the links weren't processed on my site.

I did some googling, and from what I can figure this appears to be a cross-site scripting attack. However, I don't know much about these things, and I was wondering the since a lot of the characters appear to have been converted to unicode that this is harmless? I've since deleted it, but if there is a security issue here, how can I deal with it?

Thanks.