关于什么是xss漏洞 参考：https://blog.****.net/cpongo11/article/details/103312716

对页面传入的参数值进行过滤，过滤方法如下

public static  String xssEncode(String s) {
        if (s == null || s.equals("")) {
            return s;
        }
        try {
            s = URLDecoder.decode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        //< > ' " \ / # &
        s = s.replaceAll("<", "<").replaceAll(">", ">");
        s = s.replaceAll("\\(", "(").replaceAll("\\)", ")");
        s = s.replaceAll("'", "'");
        s = s.replaceAll("eval\\((.*)\\)", "");
        s = s.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        s = s.replaceAll("script", "");
        s = s.replaceAll("#", "＃");
        s = s.replaceAll("%", "％");
        return s;
    }