In this chapter we covered a whopping amount of information about XSS. Its large attack surface makes it difficult to defend against, but you now know the various OWASP rules for avoiding XSS flaws in your application. You should be able to identify the different attack points and know which encoding rule to apply at each one.
XSS is not the only attack vector on the client side. In the next chapter, we look at another one: CSRF (cross-site request forgery).