Fixing Cross-site Scripting in Java

Use this when a value is echoed into element content. A bare `${user.name}` in JSP EL is written to the response verbatim, so a name containing `<script>` becomes live markup; `<c:out>` escapes it because its `escapeXml` attribute defaults to `true`:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<p>Welcome <c:out value="${user.name}" /></p>

Use this when user input is reflected into an attribute value, for example when repopulating a form field after a failed submission. Keep the attribute quoted: `fn:escapeXml` (like `<c:out>`) replaces only the five characters `<`, `>`, `&`, `"` and `'`, which is enough for element content and quoted attribute values but not for unquoted attributes, JavaScript strings, URLs or CSS, where a context-specific encoder is needed:

<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<input name="username" value="${fn:escapeXml(param.username)}">
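To make concrete what the two fixes above change, here is an added example (not code from the original page) that reimplements the five-character substitution performed by `fn:escapeXml` and `<c:out>` in plain Java and renders the welcome line and the input field both as a bare `${param.username}` would emit them and as the escaped versions emit them. The payload strings, the class name and the `renderVulnerable`/`renderFixed` helpers are constructed for this illustration; the numeric entity forms for the quote characters follow the Apache Taglibs implementation of `escapeXml`.

```java
/** Added example: shows the output of the vulnerable and fixed JSP fragments side by side. */
public class XssEscapingDemo {

    /**
     * Equivalent of JSTL fn:escapeXml and <c:out escapeXml="true">:
     * replaces the five characters that can change HTML structure.
     */
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** What a bare ${param.username} emits: the value is interpolated verbatim (vulnerable). */
    static String renderVulnerable(String username) {
        return "<p>Welcome " + username + "</p>\n"
             + "<input name=\"username\" value=\"" + username + "\">";
    }

    /** What <c:out value="..."/> and ${fn:escapeXml(...)} emit (fixed). */
    static String renderFixed(String username) {
        String safe = escapeXml(username);
        return "<p>Welcome " + safe + "</p>\n"
             + "<input name=\"username\" value=\"" + safe + "\">";
    }

    public static void main(String[] args) {
        // Constructed payloads: the first injects a script into element content,
        // the second closes the value attribute and adds an event handler.
        String[] payloads = {
            "<script>alert(1)</script>",
            "\" onfocus=\"alert(1)\" autofocus=\"",
        };
        for (String p : payloads) {
            System.out.println("--- payload: " + p);
            System.out.println("vulnerable:\n" + renderVulnerable(p));
            System.out.println("fixed:\n" + renderFixed(p));
            System.out.println();
        }
    }
}
```

In the vulnerable output the first payload appears as a real `<script>` element and the second terminates the `value="..."` attribute, so the browser parses `onfocus` as an attribute of the input. In the fixed output every `<`, `"` and `'` is an entity, the text stays inside the paragraph and the whole payload stays inside the quoted attribute, which is exactly the property the attribute quoting in the JSP fragment above relies on.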