Cross Site Scripting (XSS)

The platform currently uses ESAPI, the OWASP Enterprise Security API. To use it in a project, add this line to ivy.xml:

<dependency org="org.owasp" name="ESAPI" rev="2.0_rc6" transitive="false" />

To encode untrusted input before it is written into a JavaScript string literal in a JSP:

<%@page import="org.owasp.esapi.ESAPI"%>
var javaScriptVar = "<%= ESAPI.encoder().encodeForJavaScript(someInputFromTheUser) %>";
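The JSP snippet above covers one output context, a quoted JavaScript string. The point of ESAPI's encoder is that each context (HTML body, attribute value, JavaScript string, URL parameter) has its own encoder, and the encoder must match where the data lands. The following Java class is an added example, not code from this page or from the ESAPI project; the class and method names and the sample input are constructed for illustration, and it assumes the ESAPI jar and its ESAPI.properties configuration are on the classpath.

```java
// Added example (not from the page): context-specific output encoding with ESAPI 2.x.
// Assumes ESAPI and its ESAPI.properties configuration are available on the classpath.
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.errors.EncodingException;

public final class OutputEncodingDemo {

    // Constructed sample input that tries to break out of several contexts at once.
    static final String UNTRUSTED = "\"><script>alert(1)</script>'; //";

    private final Encoder enc = ESAPI.encoder();

    // The unsafe form: untrusted text concatenated straight into a JS string literal.
    // Kept only for contrast; the encoded variant below is what the JSP snippet does.
    String javaScriptStringUnencoded(String s) {
        return "var javaScriptVar = \"" + s + "\";";
    }

    // Untrusted text inside a quoted JavaScript string literal (the page's case).
    String javaScriptString(String s) {
        return "var javaScriptVar = \"" + enc.encodeForJavaScript(s) + "\";";
    }

    // Untrusted text rendered as the body of an HTML element.
    String htmlBody(String s) {
        return "<span>" + enc.encodeForHTML(s) + "</span>";
    }

    // Untrusted text inside a quoted HTML attribute value.
    String htmlAttribute(String s) {
        return "<input type=\"text\" value=\"" + enc.encodeForHTMLAttribute(s) + "\">";
    }

    // Nested context: a JS string inside an event-handler attribute. The browser
    // HTML-decodes the attribute first, then parses it as JavaScript, so the data is
    // JavaScript-encoded first and the result attribute-encoded on top of that.
    String onClickAttribute(String s) {
        String js = "handle(\"" + enc.encodeForJavaScript(s) + "\")";
        return "<button onclick=\"" + enc.encodeForHTMLAttribute(js) + "\">Go</button>";
    }

    // Untrusted text as a URL query parameter value.
    String urlParameter(String s) throws EncodingException {
        return "/search?q=" + enc.encodeForURL(s);
    }

    public static void main(String[] args) throws EncodingException {
        OutputEncodingDemo demo = new OutputEncodingDemo();
        System.out.println("unsafe JS : " + demo.javaScriptStringUnencoded(UNTRUSTED));
        System.out.println("safe JS   : " + demo.javaScriptString(UNTRUSTED));
        System.out.println("HTML body : " + demo.htmlBody(UNTRUSTED));
        System.out.println("HTML attr : " + demo.htmlAttribute(UNTRUSTED));
        System.out.println("onclick   : " + demo.onClickAttribute(UNTRUSTED));
        System.out.println("URL param : " + demo.urlParameter(UNTRUSTED));
    }
}
```

Two practical checks when wiring this into the project: ESAPI.encoder() reads ESAPI.properties at startup and fails if the file is not found on the classpath, and because the ivy.xml line above sets transitive="false", ESAPI's own runtime dependencies are not pulled in automatically and have to be declared alongside it.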

Please review this excellent resource:

XSS Prevention Cheat Sheet