...
[MITRE 2009] CWE ID 116 "Improper Encoding or Escaping of Output"
[OWASP 2008] How to add validation logic to HttpServletRequest, XSS (Cross Site Scripting) Prevention Cheat Sheet
[OWASP 2011] Cross-site Scripting (XSS)
...