解决XSS最关键的方法是编码(了解编码细节请参看:https://p.rogram.me/encode/),而成熟的库可以帮你快速解决XSS问题。

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.

Web Site

https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Code Base

https://github.com/ESAPI/esapi-java

AntiXSS helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine. Working with customer and partner feedback, AntiXSS incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the often employed cross-site scripting (XSS) attack.

Web Site

https://msdn.microsoft.com/en-us/security/aa973814.aspx

Code Base

https://wpl.codeplex.com/