xss is definitely at the top of the security issues real users face every day, since most people spend a great deal of time surfing the web and xss exploits are so trivial to code. some things you can do as a user - run noscript for firefox. i cannot stress this enough. allow js for sites you need and trust. block all of the others. if you do not run noscript, assume your cookies have already been stolen, likely multiple times.
for content producers, prefer css to js where they provide complimentary functionality and where it is technically possible. this will also provide higher performance.
there is little point bemoaning the state of site exploits further, as most of the exploiters know what they are doing and are making money by mining data they steal.
even for technically astute users and developers, i can assure you that you will be shocked and amazed at what some of the advanced xss hackers can do.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds