XSS VULNERABILITY FOR XML — response.getWriter().write(xml.toString());

alexsafox

New Member
I need to fix an issue for an XSS vulnerability. The code segment is below.

[code]
StringBuffer xml = new StringBuffer();
xml.append("<?xml version=\"1.0\"?>");
xml.append("<parent>");
xml.append("<child>");
for (int cntr = 0; cntr < dataList.size(); cntr++) {
    AAAAA obj = (AAAAA) dataList.get(cntr);
    if (obj.getStatus().equals(Constants.ACTIVE)) {
        // Field values are appended verbatim, so any markup they contain becomes part of the document.
        xml.append("<accountNumber>");
        xml.append(obj.getAccountNumber());
        xml.append("</accountNumber>");
        xml.append("<partnerName>");
        xml.append(obj.getPartnerName());
        xml.append("</partnerName>");
        xml.append("<accountType>");
        xml.append(obj.getAccountType());
        xml.append("</accountType>");
        xml.append("<priority>");
        xml.append(obj.getPriority());
        xml.append("</priority>");
    }
}
xml.append("</child>");
xml.append("</parent>");
// Headers must be set before the body is written; set after getWriter().write() they have no effect.
response.setContentType("text/xml");
response.setHeader("Cache-Control", "no-cache");
response.getWriter().write(xml.toString());
[/code]

The issue is at the line having the syntax response.getWriter().write(xml.toString()); It says that it is vulnerable to an XSS attack. I have done sufficient homework and also installed ESAPI 2.0, but I do not know how to implement the solutions. Please suggest a solution.
 
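The following is an added example, not code from the original post or from the ESAPI project. It rewrites the snippet above so that every field value is encoded before it is appended, which is where the fix belongs: the scanner reports the finding at the write() sink, but the data enters the document at the append() calls. The class Account stands in for the poster's AAAAA, the constant ACTIVE for Constants.ACTIVE, and escapeXml, encode, appendElement, buildXml and writeResponse are names chosen here. ESAPI.encoder().encodeForXML() is the real ESAPI 2.0 encoder method; it requires ESAPI.properties on the classpath, so buildXml takes the escaper as a parameter and the main() method uses the plain-JDK escapeXml so it runs without ESAPI configuration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.List;
import java.util.function.UnaryOperator;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

public class AccountXmlWriter {

    // Hypothetical stand-in for the poster's AAAAA class; only the getters used in the post are modelled.
    public static class Account {
        private final String status, accountNumber, partnerName, accountType, priority;
        public Account(String status, String accountNumber, String partnerName,
                       String accountType, String priority) {
            this.status = status; this.accountNumber = accountNumber; this.partnerName = partnerName;
            this.accountType = accountType; this.priority = priority;
        }
        public String getStatus() { return status; }
        public String getAccountNumber() { return accountNumber; }
        public String getPartnerName() { return partnerName; }
        public String getAccountType() { return accountType; }
        public String getPriority() { return priority; }
    }

    // Stands in for Constants.ACTIVE from the post.
    static final String ACTIVE = "ACTIVE";

    // Pure-JDK escaper for the five XML-significant characters; used when ESAPI is not configured.
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Same contract, delegating to the ESAPI 2.0 encoder the poster already installed.
    static String encode(String s) {
        return ESAPI.encoder().encodeForXML(s == null ? "" : s);
    }

    // Every value passes through the escaper; element names are fixed literals, never data.
    static void appendElement(StringBuilder xml, String name, String value, UnaryOperator<String> esc) {
        xml.append('<').append(name).append('>')
           .append(esc.apply(value))
           .append("</").append(name).append('>');
    }

    static String buildXml(List<Account> dataList, UnaryOperator<String> esc) {
        StringBuilder xml = new StringBuilder();
        xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
        xml.append("<parent><child>");
        for (Account obj : dataList) {
            if (ACTIVE.equals(obj.getStatus())) {
                appendElement(xml, "accountNumber", obj.getAccountNumber(), esc);
                appendElement(xml, "partnerName",   obj.getPartnerName(),   esc);
                appendElement(xml, "accountType",   obj.getAccountType(),   esc);
                appendElement(xml, "priority",      obj.getPriority(),      esc);
            }
        }
        xml.append("</child></parent>");
        return xml.toString();
    }

    static void writeResponse(HttpServletResponse response, List<Account> dataList) throws IOException {
        // Headers first: once the body has been written they are silently ignored.
        response.setContentType("text/xml; charset=UTF-8");
        response.setHeader("Cache-Control", "no-cache");
        // Tells browsers not to sniff the response into a different type such as text/html.
        response.setHeader("X-Content-Type-Options", "nosniff");
        PrintWriter out = response.getWriter();
        out.write(buildXml(dataList, AccountXmlWriter::encode));
    }

    public static void main(String[] args) {
        // Constructed sample data: a partner name containing markup, the kind of value the scanner is worried about.
        List<Account> sample = Arrays.asList(
            new Account("ACTIVE", "12345", "Acme <b>&</b> Co", "savings", "1"),
            new Account("CLOSED", "99999", "not emitted", "checking", "2"));
        System.out.println(buildXml(sample, AccountXmlWriter::escapeXml));
        // partnerName is emitted as Acme &lt;b&gt;&amp;&lt;/b&gt; Co: character data, not new elements.
    }
}
```

In the servlet, call writeResponse(response, dataList) in place of the original block. The scanner's warning is about the data reaching the writer unencoded, so encoding at the sink line itself would not help: by then the field values and the element tags are one string and cannot be told apart. Encoding each value as it is appended keeps the tags you wrote and neutralises any that arrive in the data.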