Everyone knows the internet is a dangerous place. The best way to protect against web-based attacks, including XSS, is to keep all active web content off of endpoints.
Depending on who you ask, there are between 3 and 5 pillars of a Zero Trust strategy, although however, they are divided, they all encompass the same requirements.