currently I use org.apache.commons.lang.StringEscapeUtils escapeHtml() to escape unwanted HTML tags in my Strings but then I realized it escapes characters with
Here's a version that replaces the six significant characters as recommended by OWASP. This is suitable for HTML content elements like , but not HTML attributes like because the latter are often left unquoted.
import org.apache.commons.lang.StringUtils;

// Escape the six OWASP characters for HTML element content. The replacement
// strings must be the entities themselves (&amp; etc.), not the bare characters.
String escaped = StringUtils.replaceEach(text,
    new String[]{"&", "<", ">", "\"", "'", "/"},
    new String[]{"&amp;", "&lt;", "&gt;", "&quot;", "&#x27;", "&#x2F;"});
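To show why the six-character escape above is fine for element content but not for attributes, here is an added, stand-alone Java example (not the answer's code and not part of commons-lang; class and method names are my own, and the two payload strings are constructed for illustration). It implements the same six-character escape by hand, then the stricter OWASP attribute escape that turns every non-alphanumeric character into `&#xHH;`, and prints what each does to a payload placed in an unquoted attribute:

```java
public class HtmlEscapeDemo {

    // The six-character escape for HTML element content (OWASP rule 1),
    // equivalent to the replaceEach call in the answer above.
    public static String escapeForElementContent(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Attribute-value escape (OWASP rule 2): every character outside [A-Za-z0-9]
    // becomes &#xHH;, so spaces and '=' cannot terminate an unquoted attribute
    // value and start a new attribute. Works per UTF-16 unit, which is enough here.
    public static String escapeForAttribute(String s) {
        StringBuilder out = new StringBuilder(s.length() * 4);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                         || (c >= '0' && c <= '9');
            if (alnum) {
                out.append(c);
            } else {
                out.append("&#x").append(Integer.toHexString(c)).append(';');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed payloads for the demonstration.
        String tagPayload  = "<script>alert(1)</script>";
        String attrPayload = "x onmouseover=alert(1)";

        // Element content: the six-character escape neutralises the tag.
        System.out.println("<div>" + escapeForElementContent(tagPayload) + "</div>");

        // Unquoted attribute: the payload contains none of the six characters, so the
        // element-content escape leaves it unchanged and the browser sees a second
        // attribute (onmouseover) after the space.
        System.out.println("<input value=" + escapeForElementContent(attrPayload) + ">");

        // Attribute escape: the space, '=' and parentheses become entities, so the
        // whole string stays a single attribute value.
        System.out.println("<input value=" + escapeForAttribute(attrPayload) + ">");
    }
}
```

The second printed line is the failure case the answer warns about: `<input value=x onmouseover=alert(1)>` is exactly what the six-character escape emits for an unquoted attribute, while the third line keeps the value as one token. In practice, always quote attribute values as well; the attribute escape is defence in depth, not a substitute for quoting.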