I have received cases from users that their SF1 crashes from time to time. It is not consistent. Some times it works and some times it doesn't

One day this will happen:
When they look up contacts for an account, they have the ability to open the account page but when proceeding to open the contacts page for that account, it will not load and on some occasions crash.  This will occur after restarting the app as well. 

The next day, it works fine. 

The reception is 3-4 bars when using SF1. 
Has anyone else came across this issue??

To complete this challenge, you need to identify locations in code where cross-site scripting is possible. Navigate to the Built-In XSS Protections Challenge tab within the Cross-site Scripting (XSS) application. You will see text output corresponding to merge fields in the Visualforce code. Locate any usage of the merge field "{!sampleMergeField}". Edit the code comment beneath the merge field to indicate whether or not this code block is vulnerable to cross-site scripting. For instance:
-If the code is vulnerable, the comment should appear as <!-- Line 10 is vulnerable to XSS: YES -- >
-If the code is not vulnerable, the comment should appear as <!-- Line 10 is vulnerable to XSS: NO -- >

I am getting following error
Challenge Not yet complete... here's what's wrong:
Looks like you incorrectly identified some potential cross-site scripting vectors. Please try again.

Please help me to complete this challenge