Cross site scripting (XSS) is a big problem in Web Application environments. In fact, the 2007 OWASP Top Ten list of web application vulnerabilities has XSS at #1. In a recent paper, Shreeraj Shah, founder of Net Square, describes in detail the process for protecting applications developed using the AJAX framework. It also includes scripts to automatically scan code for XSS vulnerabilities. The paper can be found here.