How do I HTML Encode all the output in a web application?

Question

I want to prevent XSS attacks in my web application. I found that HTML Encoding the output can really prevent XSS attacks. Now the problem is that how do I HTML encode every

Answer 1

If you do actually HTML encode every single output, the user will see plain text of <html> instead of a functioning web app.

EDIT: If you HTML encode every single input, you'll have problem accepting external password containing < etc..