Measures to prevent XSS vulnerabilities (like Twitter's one a few days ago)

Backend · Unresolved
离开以前 2021-02-09 14:37

Even famous sites like Twitter are suffering from XSS vulnerabilities; what should we do to prevent this kind of attack?

3 answers
  •  日久生厌
    2021-02-09 15:36

    Just like you can make SQL injection a non-issue by using prepared statements, you can make XSS a non-issue by using a templating engine (DOM serializer) that does a similar thing.

    Design your application so that all output goes via the templating engine. Make sure that templating engine HTML-escapes all data by default. This way you'll have a system that's secure by default and does not rely on humans (and the rest of the large system) being diligent in escaping HTML.
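A minimal illustration of the "escape by default" templating the answer describes, added here as an example and not code from the answer or any real project: a tagged template literal that HTML-escapes every interpolated value unless that value was itself produced by the same template function. The `html`, `SafeHtml`, `renderProfile` and `renderList` names and the hostile sample input are constructed for this example.

```javascript
// Added example: a "secure by default" HTML templating helper. Call sites
// cannot forget to escape, because escaping is the only path a plain value
// can take; only fragments already rendered by this engine pass through.
// Note: this covers HTML text and quoted-attribute context only, not
// JavaScript, URL or CSS contexts, which need their own encoders.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Marker type: a string that was produced by this engine and is safe to embed.
class SafeHtml {
  constructor(str) { this.str = str; }
  toString() { return this.str; }
}

// Tagged template: html`<p>${name}</p>` escapes `name` automatically.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    if (v instanceof SafeHtml) {
      out += v.str;                       // already rendered by us: trusted
    } else if (Array.isArray(v)) {        // nested fragments, e.g. list items
      out += v.map((x) => (x instanceof SafeHtml ? x.str : escapeHtml(x))).join("");
    } else {
      out += escapeHtml(v);               // default: escape everything else
    }
    out += strings[i + 1];
  });
  return new SafeHtml(out);
}

function renderProfile(name, bio) {
  return html`<h1>${name}</h1><p>${bio}</p>`.toString();
}

function renderList(items) {
  return html`<ul>${items.map((item) => html`<li>${item}</li>`)}</ul>`.toString();
}

// Constructed hostile input imitating a display name that carries markup.
const hostileName = '<img src=x onerror="alert(1)">';
console.log(renderProfile(hostileName, "a & b"));
```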
