What i wanna do is to encode the query string parameter values in the URL. i.e. if some user tries modifying the URL as below:
http://myapplication.com/items/?size=<script>alert('there is a vulnerability!!')</script>, then all the special symbols must in the query string URL must be replaced with their equivalent encoded values. This is mainly to prevent XSS attacks.