Useful resources explaining Cross Site Scripting (XSS) and how to code/guard against it.
CERT® Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
Cross-site Scripting (XSS)
Reviewing Code for Cross-site scripting
XSS (Cross Site Scripting) Prevention Cheat Sheet
OWASP Enterprise Security API
"OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers. "
"AntiXSS 3.0 helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine. Working with customer and partner feedback, AntiXSS 3.0 incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the often employed cross-site scripting (XSS) attack."