The Sanitize module provides a SanitizePlugin that offers utilities for input/output sanitization and encoding, built on OWASP projects.

HTML/CSS/JavaScript sanitization uses AntiSamy. By default, the slashdot policy is used. You can provide your own policy through the sanitize.policy configuration property. All default AntiSamy policies are bundled within the module at the classpath’s root.

JSON sanitization uses json-sanitizer.

Encoding for output uses java-encoder.
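
The three OWASP libraries named above, called directly in an added example. This is not the module's own code and does not use the SanitizePlugin API, which this page does not show. The class name, the sample inputs, and the policy location (AntiSamy's stock file name `antisamy-slashdot.xml` at the classpath root) are assumptions.

```java
import com.google.json.JsonSanitizer;
import org.owasp.encoder.Encode;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import java.io.InputStream;

public class OwaspSanitizeExample {
    // Assumption: AntiSamy's stock slashdot policy file name, at the classpath root.
    static final String POLICY = "/antisamy-slashdot.xml";

    // Input side: strip markup the policy does not allow from untrusted HTML.
    static String cleanHtml(String untrusted) throws Exception {
        try (InputStream in = OwaspSanitizeExample.class.getResourceAsStream(POLICY)) {
            if (in == null) {
                // Fail closed: never fall back to passing the input through.
                throw new IllegalStateException("AntiSamy policy not found: " + POLICY);
            }
            CleanResults result = new AntiSamy().scan(untrusted, Policy.getInstance(in));
            for (String msg : result.getErrorMessages()) {
                System.err.println("antisamy: " + msg); // what was removed and why
            }
            return result.getCleanHTML();
        }
    }

    // Input side: turn JSON-like text into well-formed JSON that is safe to embed.
    static String cleanJson(String untrusted) {
        return JsonSanitizer.sanitize(untrusted);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs.
        String comment = "<b>hi</b><script>alert(1)</script><a href=\"javascript:x()\">l</a>";
        String json = "{name: 'a</script>b', }";
        String name = "\"><img src=x onerror=y>";

        System.out.println(cleanHtml(comment));
        System.out.println(cleanJson(json));
        // Output side: encode for the exact context the value is written into.
        System.out.println("<p>" + Encode.forHtml(name) + "</p>");
        System.out.println("<input value=\"" + Encode.forHtmlAttribute(name) + "\">");
        System.out.println("<script>var n='" + Encode.forJavaScript(name) + "';</script>");
    }
}
```

Sanitization and encoding solve different problems: AntiSamy and json-sanitizer clean untrusted input that must keep some structure, while the encoder neutralizes a value for one specific output context, so the same string needs a different `Encode` method in element content, an attribute, and a script literal.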