Dan Kuykendall over at Mightyseek just put out his second cross-site scripting (XSS) podcast. Honestly, I think this time around he does a much better job of explaining not just how XSS works but also some of the details around filter evasion. He actually sets up a hack-me-style server with a few example filters and shows how to evade them.
Additionally, he plugs the cross-site scripting cheat sheet (no, he wasn’t paid for the plug). As dynamic website technology advances and more unique kinds of filters appear in the world, the cheat sheet is going to become more and more imperative over time. Anyway, if you are new to XSS, Dan’s podcast is worth a listen. It’s definitely not designed for the web application security professional; rather, it’s a simple tutorial. Hopefully this sort of thing will continue, because as the web grows, XSS and all other forms of web application security will become a bigger issue.