To mitigate inline Cross Site Scripting attacks, the product provides a framework to encode the data sent in the response. In the previous versions up until OBAPI 17.2.0.0.0 there was guidance in this section of the security guide on the steps needed to be followed to implement output encoding in your service response. However, in OBAPI 18.2.0.0.0 this is something that is handled implicitly in the framework for all services, base as well as any custom services that you might write.

There is nothing that you need to do explicitly to achieve this.