Ninety-five percent of the one billion websites Google scanned ​recently were vulnerable to Cross-Site Scripting, or XSS, attacks, allowing hackers to load malicious code onto the computers of anyone who visited their page. This week the company issued tools​ to help web developers identify and mitigate XSS vulnerabilities.