Preventing Xss In Jsp

Havent been on in a while, figured i was over due. In this article i am going to tell you a really simple way to prevent basic xss injections on your jsp websites. Here we go:

After you have created a basic form for your main page, generally it will either be sent to a servlet, or to another jsp page. The preoblem is by default without using a bean, or any other method of validation the pages are wide open to xss. There is a single line of code that can be used for sanitation. First grab the post data as usual
String name = request.getParameter("username").toString();
Now add this line to your function:
name = name.replaceAll("(?i)<script.*?>.*?</script.*?>", " Xss Is Not Allowed");
Voila, script tags are not allowed, you can use this string for all other injection types as well like so
name = name.replaceAll("(?i)<script.*?>.*?</script.*?>", " Xss Is Not Allowed");
name = name.replaceAll("(?i)<iframe.*?>.*?</iframe.*?>", " Iframes Are Not Allowed");
name = name.replaceAll("(?i)<anything else you can think of.*?>.*?</anything else you can think of.*?>", " Stuff Is Not Allowed");