yeah, and Microsoft don't help matters when they release IE8 and IE8's new security features can open up your site to XSS attacks even if your site is protected from it by secure coding practices.
http://community.impresscms.org/modules/newbb/viewtopic.php?topic_id=3834&forum=12&post_i...