Avoid Cross site scripting in Jsp

How to avoid Cross site scripting in Jsp.
Currently I am using scriptlet code to display any error messages.
Below is the code :
<%
out.println (error.getMessage() );
%>

How do make this statement to avoid Cross Site Scripting.

Thank you guys
Siva

In which way do you think this code is vulnerable to XSS attacks? Is the string returned by getMessage generated from user input?

No, this getMessage is generated from server.
Even i don't know that is the only code to attack Cross site scripting, If so, How to write code in jsp to avoid things means Cross site scripting.

Start reading here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps

If you use c

ut instead of a scriptlet, it will escape the special characters for you.