Basic prevention methods
Check for proper sanitation/escaping anywhere there is user input
(even user input that is a select box; the value can be assigned with js)
Test said inputs with this good test string:
>'>"><img src=x onerror=alert(0)>
Wherever your application handles user-supplied URLs, enter:
javascript:alert(0) data:text/html,<script>alert(0)</script>
Create a test user profile with data similar to the test strings above.
Use that profile to interact with your application.
This can help identify stored XSS bugs.