Talk:Cross-site Scripting (XSS)

XSS using Script Via Encoded URI Schemes
The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.