So I have this friend. I’ve told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities — dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He’s hard-headed.