Which coding practice prevents cross-site scripting (XSS) attacks by transforming special HTML characters into their safe equivalents?