Whelp, I finally found enough time to go through and test for Opera 9 and update the Cross Site Scripting Cheat Sheet thanks to help by Kanedaaa. Instead of it taking 4-6 hours it only took 2, thanks to him - so big thanks there!
The biggest thing to note was a change to the remote style sheet part 3 vector. Previously only Opera was vulnerable to it, and apparently they’ve fixed that. It’s a good thing because it wasn’t RFC compliant anyway.
For the most part Opera remains unchanged as far as vulnerability to XSS as a whole. It’s still pretty good, but hasn’t improved wildly over the last major revision. Thanks again to Kanedaaa, as I really just needed a kick to start on it. Next I have to test Firefox 2.0. I pretty much already have, but that’ll probably have to wait until the weekend when I have more time.