[
 ; Prevent CSRF
 (define-session csrf-token)
 (if (brl-blank? csrf-token)
   (set! csrf-token (brl-random-typeable 8)))
 (define-input name token)
 (define valid-submission (equal? token csrf-token))

 (brl-when valid-submission 

  ; Don't prevent XSS
]Hi [name]!  Pleased to meet you!
[)
 (brl-unless valid-submission
]<form>
<input type="hidden" name="token" value="[csrf-token]" />
What's your name?  <input type="text" name="name" />
<input type="submit" value="Introduce Yourself" />
</form>
[)]
<p><a href="[(brl-source-link brl-context)]">View Source</a></p>