Cross Site Scripting Through URL

Bacchus15

I have been told to find a fix for Cross Site Scripting (XSS) in some of my bank's old .asp pages.

I did some research on the subject, but I didn't find an answer to my problem. It's the first time I have heard about XSS and the first time I am looking at ASP (although the page has nothing but HTML), and I haven't been into web design for about 2 years now, so I am very, very rusty.

So for example, I have this form:

[code]
<form method="POST" id="CH" name="CH" action="http://some_url/some.asp">
<input type="hidden" name="srv" value="http://stackoverflow.com/questions/13750489/1" ID="srv"/>
<TABLE border="0" cellpadding="0" cellspacing="0" width="100%" align="center">
  <TR valign="top">
    <TR>
      <TD align="center">Input something here
        <input name="input_something" type="text" class="field-no-fit" maxlength="12" value="">
      </TD>
    </TR>
  </TR>
</TABLE>
</form>
[/code]

If I manually input the URL (which contains this form) as

[code]
http://this_url/this.asp?1=%22%3E%3Cscript%3Ealert%28HelloWorld%29%3C/script%3E%3Cimg%20alt=%22%22%20src=http://stackoverflow.com/questions/13750489/%22
[/code]

the page will load and then it will throw a JavaScript alert and display an error image.

My goal is to stop scripts from running when opening the page. I read about Server.HTMLEncode but can't find a way to use it to stop the script from running at page load.

Thanks in advance!
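Added example, not part of the original post and not the bank page's own code: one way to apply Server.HTMLEncode in classic ASP where a query-string value is written into the form. It assumes that this.asp copies the parameter named `1` into the hidden `srv` field; the `AllowedValue` helper, its pattern and the fallback value `"1"` are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Added example; not code from the original page.
' Assumption: this.asp writes the query-string value named "1" (the name
' used in the URL from the post) into the hidden "srv" field. Writing
' Request.QueryString("1") into the attribute unencoded is what lets a
' value containing "> close the attribute and start new markup.

' Hypothetical allowlist: keep short alphanumeric values, otherwise use
' the fallback. Adjust the pattern to what the field legitimately holds.
Function AllowedValue(raw, fallback)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,12}$"
    If re.Test(raw) Then
        AllowedValue = raw
    Else
        AllowedValue = fallback
    End If
End Function

Dim rawValue, srvValue
' Appending "" turns a missing parameter into an empty string.
rawValue = Request.QueryString("1") & ""
srvValue = AllowedValue(rawValue, "1")   ' "1" is a constructed default
%>
<form method="POST" id="CH" name="CH" action="http://some_url/some.asp">
  <!-- Server.HTMLEncode turns < > & and " into entities, so the value
       stays inside the double-quoted attribute. -->
  <input type="hidden" name="srv" id="srv"
         value="<%= Server.HTMLEncode(srvValue) %>">
  Input something here
  <input name="input_something" type="text" class="field-no-fit"
         maxlength="12" value="">
</form>
```

The encoding has to be applied at every point where request data is written into the response, and the attribute must stay double-quoted for the encoding of `"` to contain the value.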