Urgent Help !!! Modifying params in Request object|| java equiv of setParameter()

Hi All,

This is a very-very-very urgent need!! Please ping if u have any clue..

Scenario :::
To prevent XSS Cross site scripting from external sources ..I tried these things.

When a webpage is called, I 'll scan all the parameter values passed and if it contains any mailicous characters like < % > etc ,I'll encode to ascii format..

The problem is in java there is no equivalent of getParameter() i.e any function like setParameter(). .

So I tried using setAttribute but no luck ... ​

I've posted the full code of

1.jsp code [ This jsp is called from other page which sends some parameters ]
2.Servlet class (which acts as a filter)
3. log file info (the output console)

Please tell me where I got wrong

jsp code::
<%
String _field=request.getParameter("Area1");
System.out.println("Value becomes: "+_field);
%>

N.B :: Actually the parameter Area1 is passed from previous page . I just checked to see if it prints the modified input or the same input

ServletClass

Code:

[FONT=Courier New][COLOR=RoyalBlue]import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;


public class MyFilterServlet implements Filter 
{
	private FilterConfig filterConfig = null;

	public void init(FilterConfig filterConfig) {
		this.filterConfig = filterConfig;
	}


	 
/** 
 *  Description : First Enumerates all parameters and its values.
 * 		  Pass parameter values to encodeChars function
 * 		  Using HttpSession object,set the new parameter values
*/
	
	public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException 
  {

	/** wrap the request object
	* this customised request object enables you to modify request headers */

	HttpServletRequestWrapper reqwrapper=new HttpServletRequestWrapper((HttpServletRequest)request);


	/* Session object to set new parameter values */
	HttpSession _session=reqwrapper.getSession();


	/* Enumerate parameters,parameter values */
	Enumeration parameters=reqwrapper.getParameterNames();
	while(parameters.hasMoreElements()){
		String paramName=(String)parameters.nextElement();
		String paramValue=reqwrapper.getParameter(paramName);
	[COLOR=Magenta]
		/* encode function to change certain characters */
		[B]System.out.println(paramName+": "+paramValue);[/B] // [SIZE=3]XXX[/SIZE]		String modifiedValue=encodeChars(paramValue);
		[B]System.out.println(modifiedValue);[/B] [SIZE=3]//YYY[/SIZE]		reqwrapper.setAttribute(paramName,modifiedValue);

	}

	
	[B]System.out.println("the filter is on");[/B] [SIZE=3]//ZZZ[/SIZE] [/COLOR]
	chain.doFilter(reqwrapper, response);
	
  }



	public void destroy() { }


   public static String encodeChars( String s ) {
    StringBuffer sb = new StringBuffer();
    for ( int i = 0; i < s.length(); i++ ) {
      char c = s.charAt( i );
      if ( c == '<' ) sb.append( "&lt;" );
      else if ( c == '>' ) sb.append( "&gt;" );
      else if ( c == '%' ) sb.append( "&#25" );
      else if ( c == '"' ) sb.append( "" );
      else if ( c == '\'' ) sb.append( "" );
      else if ( c == '+' ) sb.append( "" );
      // newline filter
      else if ( c == '\n' ) sb.append( "&lt;br/&gt;");
      else sb.append( c );
    }
    return sb.toString();
  }
   
}[/COLOR] [/FONT]

In Log FIle

Area1: ANderson <>#$%<?>LO?: // Output due to line XXX
ANderson &lt;&gt;#$&#25&lt;?&gt;LO?: //Output due to line YYY
the filter is on //Output due to line ZZZ
Value becomes: ANderson <>#$%<?>LO?: //Output thro JSP page




Can someone tell me why that setAttribute doesn't have any impact on the parameter.. ( or) how to modify the parameter values in the request object ????