Gestion de l'injection XSS lors de l'envoie d'un message

WEB-INF/src/controleur/MessageController.java

@@ -9,6 +9,9 @@ import modele.dao.DaoLike;
 import modele.dao.DaoMessage;
 import modele.dto.Like;
 import modele.dto.Message;
+import org.apache.commons.text.StringEscapeUtils;
+import org.apache.commons.text.translate.CharSequenceTranslator;
+
 
 import java.io.IOException;
 import java.time.LocalDateTime;
@@ -17,6 +20,7 @@ import java.time.LocalDateTime;
 public class MessageController extends HttpServlet {
     DaoMessage daoMessage = new DaoMessage();
     DaoLike daoLike = new DaoLike();
+
     @Override
     protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String username;
@@ -30,12 +34,13 @@ public class MessageController extends HttpServlet {
 
         switch (action){
             case "send":
-                String contenue = req.getParameter("message");
+                CharSequenceTranslator cst = StringEscapeUtils.ESCAPE_HTML4;
+                String contenu = cst.translate(req.getParameter("message"));
                 try {
                     int idThread = Integer.parseInt(req.getParameter("thread"));
 
-                    if (contenue != null && !contenue.isEmpty()) {
-                        Message message = new Message(0, username, idThread, contenue, LocalDateTime.now());
+                    if (contenu != null && !contenu.isEmpty()) {
+                        Message message = new Message(0, username, idThread, contenu, LocalDateTime.now());
                         daoMessage.create(message);
                     }
                     vue = "thread?action=open&id=" + idThread;