Cross Site Scripting (XSS)
The platform currently uses ESAPI, the OWASP Enterprise Security API. To use it in a project, add this line to ivy.xml:
<dependency org="org.owasp" name="ESAPI" rev="2.0_rc6" transitive="false" />
To use it in a JSP:
<%@page import="org.owasp.esapi.ESAPI"%>
var javaScriptVar = "<%= ESAPI.encoder().encodeForJavaScript(someInputFromTheUser) %>";
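The encoder has to match the place where the value is written: encodeForJavaScript is correct inside a JavaScript string literal, as above, but not in HTML body text or an attribute value. The JSP below is an added example, not code from the platform; it writes one request parameter into three output contexts with the matching ESAPI encoder for each, and the parameter name "q" is an assumption.

```jsp
<%-- Added example: the same untrusted value encoded per output context. --%>
<%-- The request parameter name "q" is an assumption for illustration.   --%>
<%@page contentType="text/html; charset=UTF-8"%>
<%@page import="org.owasp.esapi.ESAPI"%>
<%@page import="org.owasp.esapi.Encoder"%>
<%
    Encoder enc = ESAPI.encoder();

    // Untrusted input; normalise null so the encoders always receive a string.
    String q = request.getParameter("q");
    if (q == null) {
        q = "";
    }
%>
<html>
<body>
  <%-- Context 1: HTML element content --%>
  <p>Results for: <%= enc.encodeForHTML(q) %></p>

  <%-- Context 2: HTML attribute value; keep the attribute quoted --%>
  <input type="text" name="q" value="<%= enc.encodeForHTMLAttribute(q) %>">

  <%-- Context 3: JavaScript string literal; keep the surrounding quotes --%>
  <script>
    var javaScriptVar = "<%= enc.encodeForJavaScript(q) %>";
  </script>
</body>
</html>
```

Using the HTML encoder inside the script block, or the JavaScript encoder in the paragraph, leaves characters that are significant in that context unescaped, so each expression should be reviewed against the context it sits in.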
Please review this excellent resource: