Even famous sites like Twitter are suffering from XSS vulnerabilities. What should we do to prevent this kind of attack?
I don't know what you write your code with, but if you use ASP.NET, you are partly covered. ASP.NET has what they call request validation that, when enabled, prevents malicious script from being introduced via user input.
But sometimes, you'll have to allow some kind of text editor like the one you typed in this question. In this case, you'll have to partly disable request validation to allow some "rich text" HTML to be input by the end user. In this case you will have to build some kind of whitelist filtering mechanism.
FYI, I don't know about others, but Microsoft has a library called Anti-XSS.