Has the issue with XXS been solved somehow yet?

I noticed that it is possible to escape the data before it is sent to the server, but it is stil possible to insert javascripts on the clientside.

Is there a nice way of escaping the output before it is rendered? http://www.trirand.com/blog/jqgrid/jqgrid.html# Try adding alert(“XXS”); in the input box.