There was nothing attached.
XSS errors can be erroneously triggered simply because we are loading content from Facebook's servers. There's been a lot of care to make sure there are no true XSS vulnerabilities within JFBConnect (as well as on Facebook's side with their libraries). However, post whatever you see, and we'll gladly investigate and respond to any issues.
Thanks,
Alex