Mike Reedell (Migrated from SEC-2167) said:
Provide an XSS filter to sanitize URL query strings and headers to mitigate XSS attacks.
See the filter and request wrapper implemented in this blog post (not mine): http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
Comment From: rwinch
This can cause problems on its own and can be seen by browsers' attempts to sanitize HTML.