A simple anti XSS measure, is to use the NoScript plug in, in Firefox.

Unfortunately, that means being pestered incessantly by messages saying it blocked an XSS attempt on ebay, unless you disable them in the options.

Presumably, ebay actually uses XSS deliberately.  It doesn't seem to break anything important if you block it, but it does strike me as utterly stupid - routinely behaving like a malicious attacker, to do something non-essential.