After spending way longer than I'd hoped on it (what a can of worms!) I have a Domino form that I believe to be XSS-safe. So sure was I that I put a message on there about a (nominal) monetary reward for the first user to hack the form. Then I had a scary vision of loads of you doing it and me being out of pocket big time, so I took the message off. I'll put it back on after the "first pass" of testing in the wild.
I've tested the form against all the hacks listed here and it seemed to stand up to them well. I also tested it using the XSS Me Firefox plugin, which it passed with flying colours. Please only use XSS Me on your own local applications. DO NOT point it at codestore.net or any other website you don't own for that matter!
Disclaimer: Last week Dragon Cotterill pointed out that I could be committing and offence by describing how to hack a webpage. I said I wouldn't lose sleep over it, but Chris Linfoot then suggested I should. Whatever your outlook I guess what I'm asking you to do is in fact to commit a criminal offence by attempting to hack the above webpage. If you don't feel comfortable doing so then I suggest you don't. Although it goes without saying that I won't press charges.