But cross-site scripting, a bug that allows a user to be tricked into clicking on a maliciously-crafted URL that causes a site to run a potentially dangerous script in their browser, still affects more than half of sites it tested.
FORBES: Researchers Say The Web May Be Offering Fewer Footholds To Hackers