Output Encoding

Output encoding is a secure development technique where data is transformed before being rendered by a browser or other target system so it cannot be interpreted as executable code. It is the primary defense against Cross-Site Scripting (XSS). For example, if a username containing embedded JavaScript is displayed on an HTML page, output encoding converts the special characters into harmless HTML entities. The correct encoding method depends on the output context: HTML, JavaScript, URL, and CSS each require different treatment. Modern frameworks like React handle output encoding by default, but you need extra care when generating HTML dynamically.
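The context rule above, shown as an added example that is not part of the original glossary entry: one encoder per output context, applied to a constructed username. The function names and the sample markup are illustrative assumptions.

```javascript
// Added example: one encoder per output context. All names are illustrative.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML element content and quoted attribute values.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Inside a quoted JavaScript string literal: every UTF-16 unit that is not an
// ASCII letter or digit becomes \uXXXX, so quotes and "</script>" cannot break out.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// A single URL query value. encodeURIComponent leaves ! ' ( ) * untouched,
// so percent-encode those as well.
function encodeForUrl(value) {
  return encodeURIComponent(String(value)).replace(/[!'()*]/g,
    (ch) => '%' + ch.charCodeAt(0).toString(16).toUpperCase());
}

// Inside a quoted CSS string: hex escape plus a terminating space.
function encodeForCss(value) {
  return Array.from(String(value), (ch) =>
    /^[A-Za-z0-9]$/.test(ch) ? ch : '\\' + ch.codePointAt(0).toString(16) + ' ').join('');
}

// Constructed sample input: a "username" carrying markup and script.
const username = `<script>alert('x')</script>`;

// The same value placed into five different output slots.
function renderGreeting(name) {
  return {
    html: `<p>Hello, ${encodeForHtml(name)}</p>`,
    attr: `<input name="user" value="${encodeForHtml(name)}">`,
    js: `var user = "${encodeForJsString(name)}";`,
    url: `/profile?name=${encodeForUrl(name)}`,
    css: `.badge::after { content: "${encodeForCss(name)}"; }`,
  };
}

console.log(renderGreeting(username));
```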