Best regex to catch XSS (Cross-site Scripting) attack (in Java)?

Question

Jeff actually posted about this in Sanitize HTML. But his example is in C# and I\'m actually more interested in a Java version. Does anyone have a better version for Java? I

Answer 1

^(\s|\w|\d|
)*?$ 

This will validate characters, digits, whitespaces and also the
tag. If you want more risk you can add more tags like

^(\s|\w|\d|
|
|<\ul>)*?$