WEB漏洞的修复

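/**
 * HTML-encodes a request value and reports whether it contained a marker from
 * the XSS denylist.
 *
 * <p>Every non-blank value is encoded, whether or not a marker is found; the
 * denylist only supplies the {@code "ab"} detection signal. Null or blank
 * values are returned unchanged with {@code "ab"} set to {@code "-1"}.
 *
 * <p>Fixes over the earlier version:
 * <ul>
 *   <li>{@code &} is encoded first. Encoding it last re-encoded the entities
 *       just produced ({@code &lt;} became {@code &amp;lt;}).</li>
 *   <li>A marker at offset 0 now counts as a match ({@code >= 0}, not
 *       {@code > 0}), so a value that starts with a marker is reported.</li>
 *   <li>{@code '} becomes {@code &#39;} rather than a typographic quote, so the
 *       original character is still displayed.</li>
 *   <li>Literal {@code String.replace} replaces the regex-based
 *       {@code replaceAll}, and lower-casing uses {@code Locale.ROOT} so the
 *       match does not depend on the server's default locale.</li>
 * </ul>
 *
 * <p>Scope: the encoding is meant for HTML element content and quoted attribute
 * values. It is not sufficient for values written into script blocks, URLs or
 * CSS, which need context-specific encoding. CR/LF is not handled here, so
 * values destined for response headers need separate validation.
 *
 * @param value the raw input; may be {@code null}
 * @return a map with {@code "value"} (the encoded text, or the input unchanged
 *         when null/blank) and {@code "ab"} (offset of the first denylist
 *         marker that matched, in list order, or {@code "-1"} if none)
 */
public HashMap test(String value){
  HashMap<String,String> map = new HashMap<String,String>();
  int ab = -1;
  if (value != null && !value.trim().equals("")) {
    // Detect on the raw input, then encode; encoding first would hide the markers.
    ab = firstXssMarkerIndex(value);
    value = encodeForHtml(value);
  }
  map.put("ab", ab + "");
  map.put("value", value);
  return map;
}

/** Returns the offset of the first denylist marker (in list order) found in {@code value}, or -1. */
private static int firstXssMarkerIndex(String value) {
  // All markers are lower-case; the input is lower-cased once for a case-insensitive match.
  String[] markers = new String[]{"</script","<iframe","</iframe","<frame","</frame","set-cookie",
      "%3cscript","%3c/script","%3ciframe","%3c/iframe","%3cframe","%3c/frame",
      "src=\"javascript:","<body","</body","%3cbody","%3c/body","<",">","</","/>",
      "%3c","%3e","%3c/","/%3e","javascript:"};
  String lowered = value.toLowerCase(java.util.Locale.ROOT);
  for (String marker : markers) {
    int at = lowered.indexOf(marker);
    if (at >= 0) {
      return at;
    }
  }
  return -1;
}

/** Encodes HTML metacharacters; {@code &} must be handled first so later entities are not re-encoded. */
private static String encodeForHtml(String value) {
  return value
      .replace("&", "&amp;")
      .replace("<", "&lt;")
      .replace(">", "&gt;")
      .replace("\"", "&quot;")
      .replace("'", "&#39;")
      .replace(" ", "&nbsp;");
}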
