When a user provides user-generated content (e.g., coded in HTML or JavaScript) on a second party website, a webpage is served that contains code from two different sources—a user-generated code and party code associated with the second party website. Furthermore, if the user provides malicious code, the provider of the webpage associated with the second party website may be perceived as culprit of the malicious code.