This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
What i wanna do is to encode the query string parameter values in the URL. i.e. if some user tries modifying the URL as below:
http://myapplication.com/items/?size=<script>alert('there is a vulnerability!!')</script>, then all the special symbols must in the query string URL must be replaced with their equivalent encoded values. This is mainly to prevent XSS attacks.