In annals of useless of advice, this answer from the Cross Site Scripting (XSS) FAQ on PHP Advisory, to the question of what end-users can do to protect themselves, must rank pretty high:
The easiest way to protect yourself as a user is to only follow links from the main website you wish to view. If [...]