What is the method for configuring protection against XSS attacks in Java?

In Java, you can prevent XSS (cross-site scripting attacks) by using the following methods:

1. Input validation: Validate and filter user input data, only accepting data that meets the specified criteria.
2. Encoding output: When displaying user-submitted data on a page, make sure to use appropriate encoding methods such as HTML entity encoding or JavaScript escaping to handle special characters in the input, ensuring that the browser does not interpret it as executable script.
3. Implementing a secure framework: Using Java frameworks or security libraries, such as OWASP ESAPI, to automate input validation and output encoding.
4. Enhance browser security by configuring secure headers in the HTTP response, such as X-XSS-Protection and Content-Security-Policy, to prevent XSS attacks.
5. Utilize a secure template engine like Thymeleaf or FreeMarker to automatically handle output encoding and avoid manual coding logic.

By using the above methods, the risk of XSS attacks can be effectively reduced and the security of applications can be enhanced.