A web administrator is responsible for the security of a web application. The administrator wants to prevent cross-site scripting (XSS) attacks where user input is reflected back and executed as part of the web page content. Which of the following best practices should the administrator use to achieve this goal?

A. Input validation
B. Output encoding
C. Parameterized queries
D. Strong password policies