Hacker News
by neuroo 3967 days ago
The top 10 is way too high level to be of any use, but the cheatsheets are actually not bad: https://www.owasp.org/index.php/XSS_Prevention_Cheatsheet (end of the page)
1 comments

And if you don't read the cheatsheets there's something to be said for using a framework that implements most of the stuff by default. For example, web2py tends to secure by default for the OWASP stuff: http://www.web2py.com/book/default/chapter/01#Security

Personally I think I'm too dumb to implement all that stuff by hand without screwing something up.