Microsoft has posted an article on what real world XSS vulnerable code looks like in ASP.NET applications. Handy if you develop asp.net or audit it for issues.
"From couple of weeks we have been seeing some XSS vulnerabilities in
asp.net code. Today I wanted to show you guys some real world examples
ranging from property assignments, data binding and JavaScript
building. For each example, I will offer both the vulnerability and
mitigation which is very useful in self reviews. Before I say anything
further, I want to caution you by saying that the following code
examples must never be used in any application."
Read More: http://blogs.msdn.com/cisg/archive/2008/09/10/real-world-xss-vulnerabilities-in-asp-net-code.aspx
