Cross Site Scripting (XSS) vulnerabilities

I've not tested it yet, but how does Zoho prevent XSS attacks with so many 'open' fields in the wild on other sites accessing Zoho databases?

thanks

Dennis