diff --git a/umbraco/presentation/umbraco/controls/Tree/TreeControl.ascx.cs b/umbraco/presentation/umbraco/controls/Tree/TreeControl.ascx.cs index a957335b82..9384246c3e 100644 --- a/umbraco/presentation/umbraco/controls/Tree/TreeControl.ascx.cs +++ b/umbraco/presentation/umbraco/controls/Tree/TreeControl.ascx.cs @@ -259,8 +259,6 @@ namespace umbraco.controls.Tree //Render out the JavaScript associated with all of the trees for the application RenderTreeJS(); - RenderActionJS(); - //apply the styles if (Width != Unit.Empty) TreeContainer.Style.Add(HtmlTextWriterStyle.Width, Width.ToString()); @@ -410,29 +408,6 @@ namespace umbraco.controls.Tree Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "Trees_" + GetCurrentApp(), JSCurrApp, true); } - /// - /// renders out the script block sources defined in any IAction - /// - private void RenderActionJS() - { - foreach (IAction a in global::umbraco.BusinessLogic.Actions.Action.GetAll()) - { - // NH: Added a try/catch block to this as an error in a 3rd party action can crash the whole menu initialization - try - { - if (!string.IsNullOrEmpty(a.Alias) && (!string.IsNullOrEmpty(a.JsSource))) - { - Page.ClientScript.RegisterClientScriptBlock(a.GetType(), a.Alias, a.JsSource, true); - //Page.ClientScript.RegisterClientScriptInclude(a.GetType(), a.Alias, a.JsSource); - } - } - catch (Exception ee) - { - Log.Add(LogTypes.Error, -1, "Error initializing tree action: " + ee.ToString()); - } - } - } - /// /// Return the current application alias. If neither the TreeType of Application is specified /// than return the default application. If the Application is null but there is a TreeType then diff --git a/umbraco/presentation/umbraco/umbraco.aspx b/umbraco/presentation/umbraco/umbraco.aspx index fea82fea58..6e55e505f7 100644 --- a/umbraco/presentation/umbraco/umbraco.aspx +++ b/umbraco/presentation/umbraco/umbraco.aspx 
@@ -31,8 +31,6 @@ - - "; - foreach (string jsFile in umbraco.BusinessLogic.Actions.Action.GetJavaScriptFileReferences()) - IActionJSFileRef.Controls.Add(new LiteralControl(string.Format(script, jsFile))); + { + var item = 0; + foreach (var jsFile in umbraco.BusinessLogic.Actions.Action.GetJavaScriptFileReferences()) + { + //validate that this is a url, if it is not, we'll assume that it is a text block and render it as a text + //block instead. + var isValid = true; + try + { + var jsUrl = new Uri(jsFile, UriKind.RelativeOrAbsolute); + //ok it validates, but so does alert('hello'); ! so we need to do more checks + + //here are the valid chars in a url without escaping + if (Regex.IsMatch(jsFile, @"[^a-zA-Z0-9-._~:/?#\[\]@!$&'\(\)*\+,%;=]")) + isValid = false; + + //we'll have to be smarter and just check for certain js patterns now too! + var jsPatterns = new string[] { @"\+\s*\=", @"\);", @"function\s*\(", @"!=", @"==" }; + foreach (var p in jsPatterns) + { + if (Regex.IsMatch(jsFile, p)) + { + isValid = false; + break; + } + } + + if (isValid) + { + //add to page + Page.ClientScript.RegisterClientScriptInclude(this.GetType(), item.ToString(), jsFile); + } + } + catch (UriFormatException) + { + isValid = false; + } + + if (!isValid) + { + //it is invalid, let's render it as a script block instead as devs may have written real Javascript instead + //of a JS path + Page.ClientScript.RegisterClientScriptBlock(this.GetType(), item.ToString(), jsFile, true); + } + + item++; + } } - #region Web Form Designer generated code - override protected void OnInit(EventArgs e) - { - // - // CODEGEN: This call is required by the ASP.NET Web Form Designer. - // - InitializeComponent(); - base.OnInit(e); - } - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - - } - #endregion } } 
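Review bot: The URL-versus-script test in the new `foreach` is a content-sniffing heuristic rather than validation, and it can misclassify in both directions: a reference whose query string contains `==` or `!=` falls through to `RegisterClientScriptBlock` and is emitted as inline script, while a short snippet made only of URL-safe characters that matches none of the five patterns is emitted as a `src` include. Either way, every string returned by `GetJavaScriptFileReferences()` ends up in the back-office page, so these values have to be treated as trusted code from installed actions; a comment above the loop would stop the regex being read as a security filter, e.g. `// NOTE: not a security boundary - IAction JS is trusted code; this only guesses include vs. inline`. The loop also loses the per-action isolation that the removed `RenderActionJS` had: only `UriFormatException` is caught, so a null entry would throw `ArgumentNullException` from `new Uri(...)` (assuming the helper does not filter nulls), and `jsUrl` is never used. Consider `if (string.IsNullOrEmpty(jsFile)) continue;` at the top of the loop body, and log other failures rather than letting one action break the page. The enclosing method's signature and the file header for this hunk are not visible in this view.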
diff --git a/umbraco/presentation/umbraco/umbraco.aspx.designer.cs b/umbraco/presentation/umbraco/umbraco.aspx.designer.cs index abfe950921..8c062d4bd6 100644 --- a/umbraco/presentation/umbraco/umbraco.aspx.designer.cs +++ b/umbraco/presentation/umbraco/umbraco.aspx.designer.cs @@ -164,15 +164,7 @@ namespace umbraco.cms.presentation { /// To modify move field declaration from designer file to code-behind file. /// protected global::ClientDependency.Core.Controls.JsInclude JsInclude12; - - /// - /// IActionJSFileRef control. - /// - /// - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// - protected global::System.Web.UI.WebControls.PlaceHolder IActionJSFileRef; + /// /// Form1 control.