...
- OWASP XSS Prevention Cheat Sheet
- XSS Prevention Rules Summary
- OWASP Cross-Site Scripting Article
- Unraveling Some Mysteries around DOM-based XSS
- ESAPI Project Home Page
- ESAPI Encoder API
- ASVS: Output Encoding/Escaping Requirements (V6)
- ASVS: Input Validation Requirements (V5)
- Testing Guide: 1st3 Chapters on Data Validation Testing
- OWASP Code Review Guide: Chapter on XSS Review
- CWE Entry 79 on Cross-Site Scripting
- Rsnake's XSS Attack Cheat Sheet
- XXE Cheat Sheet
- XML Parser Evaluation
- RSPEC proposal about Java and XXE