XSSes are everywhere. They’ve been the most common vulnerability class for years. But while popping an alert may seem simple, there’s much, much more to cross-site scripting. What payloads are people using? Where are people finding XSSes? What about CSP? Can you...