Protect script-server from XSS and XSRF attacks

[bugy]

Currently script server is not safe enough against XSS attacks. Should be fixed

Possible solution
http://www.tornadoweb.org/en/stable/guide/security.html#cross-site-request-forgery-protection

[bugy]

Added XSRF protection via tokens
Analyzed and fixed XSS issues for the code (or added a description to Wiki, when it's unavoidable).