
Thursday, March 27, 2014

Cross-site scripting (XSS) defense code in Java

The following code is used to defend against XSS attacks by replacing characters that are significant in HTML with character references.




1. Encoding a single string

    /**
     * Replaces characters that are significant in HTML with character references.
     * The work is done in a single pass: chaining replace() calls for '#' and '&'
     * re-encodes the '&' that the first replacement introduced, which the original
     * version had to patch up afterwards with a third replace().
     * Every reference ends with ';' so that a digit following the encoded
     * character (e.g. "#1") cannot be absorbed into the reference ("&#351").
     */
    public static String getXSSCheck(String strTemp) {
        if (strTemp == null || strTemp.isEmpty()) // == "" compared references, not contents
            return "";

        StringBuilder sb = new StringBuilder(strTemp.length() + 16);
        for (int i = 0; i < strTemp.length(); i++) {
            char c = strTemp.charAt(i);
            switch (c) {
                case '&':  sb.append("&#38;"); break;
                case '#':  sb.append("&#35;"); break;
                case '<':  sb.append("&lt;");  break;
                case '>':  sb.append("&gt;");  break;
                case '(':  sb.append("&#40;"); break;
                case ')':  sb.append("&#41;"); break;
                case '"':  sb.append("&#34;"); break;
                case '/':  sb.append("&#47;"); break;
                case '?':  sb.append("&#63;"); break; // original used &#92, which is '\'
                case ':':  sb.append("&#58;"); break; // original used &#59, which is ';'
                case '\n': sb.append("&#10;"); break; // line feed
                case '\r': sb.append("&#13;"); break; // carriage return
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

2. Applying it to map data in bulk

    /**
     * Applies the XSS check to every string value in the map.
     * @param data the LData map whose values are to be encoded
     * @return the same LData with every string value encoded
     */
    public static LData getAdjustedXSSData(LData data) {
        Object[] obj = data.getKeys();
        for (int i = 0; i < obj.length; i++) {
            String tmp = (String) obj[i];
            data.setString(tmp, StringUtil.getXSSCheck(data.getString(tmp)));
        }
        return data;
    }

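Added example (not part of the original post): the same character mapping as getXSSCheck, written as a table-driven encoder, together with a small decoder for the references it emits, so that the encoding can be checked to be lossless on inputs where '&' or '#' is followed by digits. The class and method names are my own.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class XssRoundTrip {
    // Same character set and references as the page's getXSSCheck (with trailing ';').
    private static final Map<Character, String> ENC = Map.ofEntries(
        Map.entry('&', "&#38;"), Map.entry('#', "&#35;"), Map.entry('<', "&lt;"),
        Map.entry('>', "&gt;"),  Map.entry('(', "&#40;"), Map.entry(')', "&#41;"),
        Map.entry('"', "&#34;"), Map.entry('/', "&#47;"), Map.entry('?', "&#63;"),
        Map.entry(':', "&#58;"), Map.entry('\n', "&#10;"), Map.entry('\r', "&#13;"));

    static String encode(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) sb.append(ENC.getOrDefault(c, String.valueOf(c)));
        return sb.toString();
    }

    // Minimal decoder for exactly the references encode() emits: &#NN; plus &lt; and &gt;.
    private static final Pattern REF = Pattern.compile("&(#(\\d+)|lt|gt);");

    static String decode(String s) {
        Matcher m = REF.matcher(s);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String rep = m.group(2) != null
                ? String.valueOf((char) Integer.parseInt(m.group(2)))
                : (m.group(1).equals("lt") ? "<" : ">");
            m.appendReplacement(out, Matcher.quoteReplacement(rep));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {                   // constructed test inputs
            "<script>alert(1)</script>",       // markup must come out inert
            "a&b #1 \"q\" c:d/e?f",            // '&' and '#' followed by digits
            "&#35; already encoded",           // encoded text must survive a round trip too
            "line1\r\nline2"
        };
        for (String s : samples) {
            String enc = encode(s);
            if (!decode(enc).equals(s))
                throw new AssertionError("round trip failed for: " + s);
            if (enc.indexOf('<') >= 0 || enc.indexOf('"') >= 0)
                throw new AssertionError("unencoded metacharacter in: " + enc);
            System.out.println(s.replace("\r\n", "\\r\\n") + "  ->  " + enc);
        }
    }
}
```

Because getAdjustedXSSData encodes every value at input time, the stored data is already HTML-encoded; it must not be encoded a second time on output, and it is only correct for HTML text and attribute contexts, not for JavaScript, URL or SQL contexts.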
