How to use getParameter in jsp the safe way

I'm using getParameter to get content from URL to the page.

<p>name <%= request.getParameter("name") %></p>

What co开发者_Python百科ntent schould I avoid (ex. script tags)?

How should I validate it?

I'm working in JSP.

EDIT:

For today I just strip html tags:

variable.replaceAll("\\<.*?>","");

You should not use scriptlet in jsp its not good practise

<p>name <c:out value='${param.name}'/> </p>

you should take care of XSS attack c:out will escape xml

To escape javascript injection you can Use StringUtils.escapejavaScript()