1) Please find a better way to inform the app developer of the security vuln.
2) Please don't stereotype or discriminate against designers. There are designers that are way more conscious and way more knowledgeable about general web security best practice than many of the HN readers here. Professional sites like Google can have XSS. Don't be one of those ignorant people thinking XSS is easy to solve. I bet you just created a new account so you can tell the world how much you think designers are incompetent regarding web security best practice. I bet you are also incompetent at showing your true identity.
Looks like it was written by designers...