Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/OrgManageAction.java =================================================================== diff -u -rc368a79cdaf7adf21f3185b6bdccd024320982c9 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/OrgManageAction.java (.../OrgManageAction.java) (revision c368a79cdaf7adf21f3185b6bdccd024320982c9) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/OrgManageAction.java (.../OrgManageAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -29,7 +29,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; @@ -54,6 +53,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** *

@@ -209,9 +209,9 @@ JSONObject responseRow = new JSONObject(); responseRow.put("id", organisation.getOrganisationId()); String orgName = organisation.getName() == null ? "" : organisation.getName(); - responseRow.put("name", StringEscapeUtils.escapeHtml(orgName)); + responseRow.put("name", HtmlUtils.htmlEscape(orgName)); String orgCode = organisation.getCode() == null ? "" : organisation.getCode(); - responseRow.put("code", StringEscapeUtils.escapeHtml(orgCode)); + responseRow.put("code", HtmlUtils.htmlEscape(orgCode)); String orgCreateDate = organisation.getCreateDate() == null ? "" : FileUtil.EXPORT_TO_SPREADSHEET_TITLE_DATE_FORMAT.format(organisation.getCreateDate()); responseRow.put("createDate", orgCreateDate); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/UserSearchAction.java =================================================================== diff -u -r376e99b362b0ea18df73f848d310201270b26239 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/UserSearchAction.java (.../UserSearchAction.java) (revision 376e99b362b0ea18df73f848d310201270b26239) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/action/UserSearchAction.java (.../UserSearchAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -31,7 +31,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; @@ -46,6 +45,7 @@ import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.WebUtil; import org.lamsfoundation.lams.web.action.LamsDispatchAction; +import org.springframework.web.util.HtmlUtils; /** * @author jliew 
@@ -128,13 +128,13 @@ JSONObject responseRow = new JSONObject(); responseRow.put("userId", userDto.getUserID()); - responseRow.put("login", StringEscapeUtils.escapeHtml(userDto.getLogin())); + responseRow.put("login", HtmlUtils.htmlEscape(userDto.getLogin())); String firstName = userDto.getFirstName() == null ? "" : userDto.getFirstName(); - responseRow.put("firstName", StringEscapeUtils.escapeHtml(firstName)); + responseRow.put("firstName", HtmlUtils.htmlEscape(firstName)); String lastName = userDto.getLastName() == null ? "" : userDto.getLastName(); - responseRow.put("lastName", StringEscapeUtils.escapeHtml(lastName)); + responseRow.put("lastName", HtmlUtils.htmlEscape(lastName)); String email = userDto.getEmail() == null ? "" : userDto.getEmail(); - responseRow.put("email", StringEscapeUtils.escapeHtml(email)); + responseRow.put("email", HtmlUtils.htmlEscape(email)); if ( userDto.getPortraitUuid() != null ) responseRow.put("portraitId", userDto.getPortraitUuid()); rows.put(responseRow); Index: lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java =================================================================== diff -u -r9b24f3330d42579e9c7b3e807568360a617d9a8c -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java (.../IndexAction.java) (revision 9b24f3330d42579e9c7b3e807568360a617d9a8c) +++ lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java (.../IndexAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -32,7 +32,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; 
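Review bot: `login` is the only value in this hunk passed to `HtmlUtils.htmlEscape` without the null-to-empty guard that `firstName`, `lastName` and `email` get on the following lines. Commons-lang `escapeHtml` returned null for a null argument, whereas Spring's `htmlEscape` either returns null or rejects null input depending on the Spring version on the classpath, so the swap may not be behaviour-neutral here. Guarding it like its neighbours keeps the row consistent: `String login = userDto.getLogin() == null ? "" : userDto.getLogin();`. The same unguarded pattern appears in the hunks for `design.getTitle()` in WorkspaceManagementService, `lesson.getLessonName()` in the monitoring MonitoringAction and `user.getFullName()` in the daco MonitoringAction. The enclosing method starts and ends outside the hunk.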
@@ -56,6 +55,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * @@ -210,7 +210,7 @@ JSONObject responseRow = new JSONObject(); responseRow.put("id", orgDto.getOrganisationID()); String orgName = orgDto.getName() == null ? "" : orgDto.getName(); - responseRow.put("name", StringEscapeUtils.escapeHtml(orgName)); + responseRow.put("name", HtmlUtils.htmlEscape(orgName)); rows.put(responseRow); } Index: lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java =================================================================== diff -u -rf7f38c0fd8e86323bca2df607731f1ec913e8869 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java (.../WorkspaceManagementService.java) (revision f7f38c0fd8e86323bca2df607731f1ec913e8869) +++ lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java (.../WorkspaceManagementService.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -32,7 +32,6 @@ import java.util.Vector; import java.util.regex.Pattern; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.tomcat.util.json.JSONArray; import org.apache.tomcat.util.json.JSONException; @@ -59,6 +58,7 @@ import org.lamsfoundation.lams.workspace.WorkspaceFolderContent; import org.lamsfoundation.lams.workspace.dto.FolderContentDTO; import org.lamsfoundation.lams.workspace.web.WorkspaceAction; +import org.springframework.web.util.HtmlUtils; /** * @author Manpreet Minhas 
@@ -482,7 +482,7 @@ LearningDesign design = (LearningDesign) iterator.next(); if ((searchPattern == null) || (searchPattern.matcher(design.getTitle()).find())) { JSONObject learningDesignJSON = new JSONObject(); - learningDesignJSON.put("name", StringEscapeUtils.escapeHtml(design.getTitle())); + learningDesignJSON.put("name", HtmlUtils.htmlEscape(design.getTitle())); learningDesignJSON.put("learningDesignId", design.getLearningDesignId()); learningDesignJSON.putOpt("type", design.getDesignType() != null ? design.getDesignType() : WorkspaceManagementService.DEFAULT_DESIGN_TYPE); Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBLessonGridRowDTO.java =================================================================== diff -u -ra949c337adc53b2df9207aa1de6e500281de7c20 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBLessonGridRowDTO.java (.../GBLessonGridRowDTO.java) (revision a949c337adc53b2df9207aa1de6e500281de7c20) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBLessonGridRowDTO.java (.../GBLessonGridRowDTO.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -25,9 +25,9 @@ import java.util.ArrayList; -import org.apache.commons.lang.StringEscapeUtils; import org.lamsfoundation.lams.gradebook.util.GBGridView; import org.lamsfoundation.lams.gradebook.util.GradebookUtil; +import org.springframework.web.util.HtmlUtils; public class GBLessonGridRowDTO extends GradebookGridRowDTO { 
@@ -53,7 +53,7 @@ ret.add(id.toString()); - rowName = StringEscapeUtils.escapeHtml(rowName); + rowName = HtmlUtils.htmlEscape(rowName); if (view == GBGridView.MON_COURSE) { if (gradebookMonitorURL != null && gradebookMonitorURL.length() != 0) { Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBUserGridRowDTO.java =================================================================== diff -u -r917cdcbcb307b39b90b65f7b97a5b5f7863d7c5b -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBUserGridRowDTO.java (.../GBUserGridRowDTO.java) (revision 917cdcbcb307b39b90b65f7b97a5b5f7863d7c5b) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/dto/GBUserGridRowDTO.java (.../GBUserGridRowDTO.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -25,10 +25,10 @@ import java.util.ArrayList; -import org.apache.commons.lang.StringEscapeUtils; import org.lamsfoundation.lams.gradebook.util.GBGridView; import org.lamsfoundation.lams.gradebook.util.GradebookUtil; import org.lamsfoundation.lams.usermanagement.User; +import org.springframework.web.util.HtmlUtils; public class GBUserGridRowDTO extends GradebookGridRowDTO { 
@@ -49,7 +49,7 @@ public GBUserGridRowDTO(User user) { this.id = user.getUserId().toString(); - this.rowName = StringEscapeUtils.escapeHtml(user.getLastName() + ", " + user.getFirstName()); + this.rowName = HtmlUtils.htmlEscape(user.getLastName() + ", " + user.getFirstName()); this.firstName = user.getFirstName(); this.lastName = user.getLastName(); this.login = user.getLogin(); Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/service/GradebookService.java =================================================================== diff -u -rc3db10fe6622ab0bb74375275547f75608241c65 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/service/GradebookService.java (.../GradebookService.java) (revision c3db10fe6622ab0bb74375275547f75608241c65) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/service/GradebookService.java (.../GradebookService.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -36,7 +36,6 @@ import java.util.TimeZone; import java.util.TreeSet; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.lamsfoundation.lams.dao.IBaseDAO; import org.lamsfoundation.lams.gradebook.GradebookUserActivity; @@ -95,6 +94,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * @@ -2127,7 +2127,7 @@ && (learnerProgress.getAttemptedActivities().size() > 0)) { String currentActivityTitle = learnerProgress.getCurrentActivity() == null ? "" - : StringEscapeUtils.escapeHtml(learnerProgress.getCurrentActivity().getTitle()); + : HtmlUtils.htmlEscape(learnerProgress.getCurrentActivity().getTitle()); status = ""; } } 
@@ -2148,7 +2148,7 @@ byte statusByte = learnerProgress.getProgressState(activity); if (statusByte == LearnerProgress.ACTIVITY_ATTEMPTED && learnerProgress.getCurrentActivity() != null) { return ""; + + HtmlUtils.htmlEscape(learnerProgress.getCurrentActivity().getTitle()) + "'>"; } else if (statusByte == LearnerProgress.ACTIVITY_COMPLETED) { return ""; } Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java =================================================================== diff -u -rb26f90eccf164c7058201360d2ca771adcfb597a -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision b26f90eccf164c7058201360d2ca771adcfb597a) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -48,7 +48,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; @@ -70,7 +69,6 @@ import org.lamsfoundation.lams.learningdesign.SequenceActivity; import org.lamsfoundation.lams.learningdesign.ToolActivity; import org.lamsfoundation.lams.learningdesign.Transition; -import org.lamsfoundation.lams.learningdesign.dao.ILearningDesignDAO; import org.lamsfoundation.lams.learningdesign.exception.LearningDesignException; import org.lamsfoundation.lams.lesson.LearnerProgress; import org.lamsfoundation.lams.lesson.Lesson; 
@@ -101,6 +99,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; import com.google.gson.Gson; import com.google.gson.GsonBuilder; @@ -1081,7 +1080,7 @@ responseJSON.put("numberPossibleLearners", getLessonService().getCountLessonLearners(lessonId, null)); responseJSON.put("lessonStateID", lesson.getLessonStateId()); - responseJSON.put("lessonName", StringEscapeUtils.escapeHtml(lesson.getLessonName())); + responseJSON.put("lessonName", HtmlUtils.htmlEscape(lesson.getLessonName())); responseJSON.put("lessonDescription", lesson.getLessonDescription()); Date startOrScheduleDate = lesson.getStartDateTime() == null ? lesson.getScheduleStartDate() Index: lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/action/MonitoringAction.java =================================================================== diff -u -r5d1d1bc2d08ed13455ca34ceb5ab94e5f918855d -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 5d1d1bc2d08ed13455ca34ceb5ab94e5f918855d) +++ lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -40,7 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; 
@@ -78,6 +77,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); @@ -396,7 +396,7 @@ JSONArray userData = new JSONArray(); userData.put(userDto.getUserId()); userData.put(sessionId); - String fullName = StringEscapeUtils.escapeHtml(userDto.getFirstName() + " " + userDto.getLastName()); + String fullName = HtmlUtils.htmlEscape(userDto.getFirstName() + " " + userDto.getLastName()); userData.put(fullName); userData.put(userDto.getGrade()); if (userDto.getPortraitId() != null ) @@ -490,7 +490,7 @@ for (AssessmentUserDTO userDto : userDtos) { Long questionResultUid = userDto.getQuestionResultUid(); - String fullName = StringEscapeUtils.escapeHtml(userDto.getFirstName() + " " + userDto.getLastName()); + String fullName = HtmlUtils.htmlEscape(userDto.getFirstName() + " " + userDto.getLastName()); JSONArray userData = new JSONArray(); if (questionResultUid != null) { Index: lams_tool_daco/src/java/org/lamsfoundation/lams/tool/daco/web/action/MonitoringAction.java =================================================================== diff -u -r60d9a173d5590295376322fc3e857ae2dca37717 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_daco/src/java/org/lamsfoundation/lams/tool/daco/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 60d9a173d5590295376322fc3e857ae2dca37717) +++ lams_tool_daco/src/java/org/lamsfoundation/lams/tool/daco/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) 
@@ -39,7 +39,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; @@ -72,6 +71,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); @@ -250,7 +250,7 @@ DacoUser user = (DacoUser) userAndReflection[0]; responseRow.put(DacoConstants.USER_ID, user.getUserId()); - responseRow.put(DacoConstants.USER_FULL_NAME, StringEscapeUtils.escapeHtml(user.getFullName())); + responseRow.put(DacoConstants.USER_FULL_NAME, HtmlUtils.htmlEscape(user.getFullName())); if (userAndReflection.length > 1 && userAndReflection[1] != null) { responseRow.put(DacoConstants.RECORD_COUNT, userAndReflection[1]); 
@@ -260,7 +260,7 @@ if (userAndReflection.length > 2 && userAndReflection[2] != null) { responseRow.put(DacoConstants.NOTEBOOK_ENTRY, - StringEscapeUtils.escapeHtml((String) userAndReflection[2])); + HtmlUtils.htmlEscape((String) userAndReflection[2])); } if (userAndReflection.length > 3 && userAndReflection[3] != null) { responseRow.put(DacoConstants.PORTRAIT_ID, userAndReflection[3]); Index: lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/actions/MonitoringAction.java =================================================================== diff -u -r60d9a173d5590295376322fc3e857ae2dca37717 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision 60d9a173d5590295376322fc3e857ae2dca37717) +++ lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -44,7 +44,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.poi.hssf.usermodel.HSSFCell; @@ -86,6 +85,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { 
@@ -308,7 +308,7 @@ responseRow.put(ForumConstants.ATTR_USER_UID, user.getUid()); responseRow.put(ForumConstants.ATTR_USER_ID, user.getUserId()); - responseRow.put("userName", StringEscapeUtils.escapeHtml(user.getLastName() + " " + user.getFirstName())); + responseRow.put("userName", HtmlUtils.htmlEscape(user.getLastName() + " " + user.getFirstName())); int numberOfPosts = 0; boolean isAnyPostsMarked = false; @@ -337,7 +337,7 @@ responseRow.put("numberOfPosts", numberOfPosts); if (userAndReflection.length > 1 && userAndReflection[1] != null) { - responseRow.put("notebookEntry", StringEscapeUtils.escapeHtml((String) userAndReflection[1])); + responseRow.put("notebookEntry", HtmlUtils.htmlEscape((String) userAndReflection[1])); } if (userAndReflection.length > 2 && userAndReflection[2] != null) { Index: lams_tool_gmap/src/java/org/lamsfoundation/lams/tool/gmap/web/actions/MonitoringAction.java =================================================================== diff -u -r57840657b3f8bbdc314d25b49371fab852bbe40f -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_gmap/src/java/org/lamsfoundation/lams/tool/gmap/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision 57840657b3f8bbdc314d25b49371fab852bbe40f) +++ lams_tool_gmap/src/java/org/lamsfoundation/lams/tool/gmap/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; @@ -54,6 +53,7 @@ import org.lamsfoundation.lams.web.action.LamsDispatchAction; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; +import org.springframework.web.util.HtmlUtils; /** * @author 
@@ -217,7 +217,7 @@ JSONObject responseRow = new JSONObject(); responseRow.put(GmapConstants.ATTR_USER_ID, userAndReflection[0]); String fullName = new StringBuilder((String)userAndReflection[1]).append(" ").append((String)userAndReflection[2]).toString(); - responseRow.put(GmapConstants.ATTR_USER_FULLNAME, StringEscapeUtils.escapeHtml(fullName)); + responseRow.put(GmapConstants.ATTR_USER_FULLNAME, HtmlUtils.htmlEscape(fullName)); if (userAndReflection.length > 3) { responseRow.put(GmapConstants.ATTR_PORTRAIT_ID, (Integer)userAndReflection[3]); Index: lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/action/LearningAction.java =================================================================== diff -u -r5831c6c974ca7fef986ffd207d708a2a56bf39f1 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/action/LearningAction.java (.../LearningAction.java) (revision 5831c6c974ca7fef986ffd207d708a2a56bf39f1) +++ lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/action/LearningAction.java (.../LearningAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -78,6 +78,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * 
@@ -243,7 +244,7 @@ // escape characters for (ImageGalleryItem image : images) { - String titleEscaped = StringEscapeUtils.escapeJavaScript(image.getTitle()); + String titleEscaped = HtmlUtils.htmlEscape(image.getTitle()); image.setTitleEscaped(titleEscaped); String descriptionEscaped = StringEscapeUtils.escapeJavaScript(image.getDescription()); image.setDescriptionEscaped(descriptionEscaped); Index: lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/action/McMonitoringAction.java =================================================================== diff -u -rb6b28d32fe5b2923cbb30a6c9b889c02e1ba29cf -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/action/McMonitoringAction.java (.../McMonitoringAction.java) (revision b6b28d32fe5b2923cbb30a6c9b889c02e1ba29cf) +++ lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/action/McMonitoringAction.java (.../McMonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -67,6 +67,7 @@ import org.lamsfoundation.lams.web.action.LamsDispatchAction; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; +import org.springframework.web.util.HtmlUtils; /** * * @author Ozgur Demirtas 
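Review bot: `titleEscaped` changes output context in this hunk, from `StringEscapeUtils.escapeJavaScript` to `HtmlUtils.htmlEscape`, while `descriptionEscaped` two lines below still uses `escapeJavaScript`. If the page still writes `titleEscaped` into a JavaScript string literal (the consuming JSP is not shown), HTML encoding leaves backslashes and line breaks untouched, and the entities would be displayed literally unless the script inserts the value as markup. Please confirm the sink and record it next to the existing `// escape characters` comment, for example `// title goes into HTML markup, description into a JS string literal`. If the title is used in both contexts, it needs one encoding per context, applied at the point of output. The loop's enclosing method starts and ends outside the hunk.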
@@ -324,7 +325,7 @@ visitLogData.put(userUid); visitLogData.put(userDto.getUserId()); - String fullName = StringEscapeUtils.escapeHtml(userDto.getFullName()); + String fullName = HtmlUtils.htmlEscape(userDto.getFullName()); if (groupLeader != null && groupLeader.getUid().equals(userUid)) { fullName += " (" + mcService.getLocalizedMessage("label.monitoring.group.leader") + ")"; } Index: lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/action/QaMonitoringAction.java =================================================================== diff -u -r045ebfd1d11d9ed0a1f81a00abb1a2ea373e8d93 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/action/QaMonitoringAction.java (.../QaMonitoringAction.java) (revision 045ebfd1d11d9ed0a1f81a00abb1a2ea373e8d93) +++ lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/action/QaMonitoringAction.java (.../QaMonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -38,7 +38,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; @@ -64,6 +63,7 @@ import org.lamsfoundation.lams.web.action.LamsDispatchAction; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; +import org.springframework.web.util.HtmlUtils; /** * @author Ozgur Demirtas 
@@ -217,9 +217,9 @@ for (Object[] userAndReflection : users) { JSONObject responseRow = new JSONObject(); - responseRow.put("username", StringEscapeUtils.escapeHtml((String) userAndReflection[1])); + responseRow.put("username", HtmlUtils.htmlEscape((String) userAndReflection[1])); if (userAndReflection.length > 2 && userAndReflection[2] != null) { - String reflection = StringEscapeUtils.escapeHtml((String) userAndReflection[2]); + String reflection = HtmlUtils.htmlEscape((String) userAndReflection[2]); responseRow.put(QaAppConstants.NOTEBOOK, reflection.replaceAll("\n", "
")); } rows.put(responseRow); Index: lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/action/MonitoringAction.java =================================================================== diff -u -r045ebfd1d11d9ed0a1f81a00abb1a2ea373e8d93 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 045ebfd1d11d9ed0a1f81a00abb1a2ea373e8d93) +++ lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; @@ -64,6 +63,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); 
@@ -177,7 +177,7 @@ JSONArray visitLogData = new JSONArray(); visitLogData.put(visitLogDto.getUserId()); - String fullName = StringEscapeUtils.escapeHtml(visitLogDto.getUserFullName()); + String fullName = HtmlUtils.htmlEscape(visitLogDto.getUserFullName()); visitLogData.put(fullName); String accessDate = (visitLogDto.getAccessDate() == null) ? "" : dateFormatter.format( Index: lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/actions/MonitoringAction.java =================================================================== diff -u -r8e090b3ddf269cdffececa4bc55a9333da5b0858 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision 8e090b3ddf269cdffececa4bc55a9333da5b0858) +++ lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/actions/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; @@ -57,6 +56,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * 
@@ -156,13 +156,14 @@ responseRow.put("id", id++); responseRow.put(NotebookConstants.PARAM_USER_UID, user.getUid()); responseRow.put(NotebookConstants.PARAM_NAME, - StringEscapeUtils.escapeHtml(user.getLastName() + " " + user.getFirstName())); + HtmlUtils.htmlEscape(user.getLastName() + " " + user.getFirstName())); if (userAndReflection.length > 1 && userAndReflection[1] != null) { - responseRow.put(NotebookConstants.PARAM_ENTRY, userAndReflection[1]); + responseRow.put(NotebookConstants.PARAM_ENTRY, HtmlUtils.htmlEscape((String) userAndReflection[1])); } - if (user.getTeachersComment() != null && user.getTeachersComment().length() > 0) { - responseRow.put(NotebookConstants.PARAM_COMMENT, user.getTeachersComment()); - } +// if (user.getTeachersComment() != null && user.getTeachersComment().length() > 0) { +// responseRow.put(NotebookConstants.PARAM_COMMENT, +// HtmlUtils.htmlEscape((String) user.getTeachersComment())); +// } if (userAndReflection.length > 2 && userAndReflection[2] != null) { Date modifiedDate = (Date) userAndReflection[2]; Index: lams_tool_notebook/web/pages/monitoring/summary.jsp =================================================================== diff -u -r8e090b3ddf269cdffececa4bc55a9333da5b0858 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_notebook/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 8e090b3ddf269cdffececa4bc55a9333da5b0858) +++ lams_tool_notebook/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -36,7 +36,7 @@ }; $(document).ready(function(){ - + 
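Review bot: The teacher's-comment block is commented out rather than removed, so `NotebookConstants.PARAM_COMMENT` silently drops out of the response row in a commit that otherwise only swaps the escaping helper. The grid in summary.jsp, touched by the same commit, still declares the `comment` and `commentsort` columns, so they may now render empty unless the comment is supplied from somewhere not visible here. Either delete the block and state the reason in the commit message, or restore it in encoded form inside the original null/length check: `responseRow.put(NotebookConstants.PARAM_COMMENT, HtmlUtils.htmlEscape(user.getTeachersComment()));`. The enclosing method starts and ends outside the hunk.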
@@ -58,13 +58,13 @@ alert("Error has occured "+error); }, - subGrid: true, + subGrid: true, subGridOptions: { reloadOnExpand: false, // Prevent jqGrid from wiping out the subgrid data. }, gridComplete: function() { - initializePortraitPopover('${lams}'); + initializePortraitPopover('${lams}'); var dop = $("#group${sessionId}"); //expand subgrids that have available notebook entry, reformatting // the comment data for the "comment summary / comment sort" field. @@ -86,10 +86,10 @@ if (entry && entry.length > 0) { $("#group${sessionId}").expandSubGridRow(rowId); } - }); + }); $("time.timeago").timeago(); }, - subGridRowExpanded: function(subgridDivId, rowId) { + subGridRowExpanded: function(subgridDivId, rowId) { var subgrid = jQuery("#"+subgridDivId); //display "not available" sign if there is no entry @@ -126,7 +126,7 @@ cancelButton: "" }); }, - + pager : '#group${sessionId}pager', pagerpos: "left", rowNum: 10, 
@@ -138,35 +138,35 @@ colNames:['#', 'userUid', - "", + "", + "", "", "", - "", - 'entry', + 'entry', "", // comment summary for sorting 'actualComment', - 'userId', + 'userId', 'portraitId'], colModel:[ {name:'id',index:'id', width:10, hidden: true, search: false}, {name:'userUid',index:'userUid', width:0, hidden: true, search: false}, - {name:'userName',index:'userName', width:200, formatter:userNameFormatter}, - {name:'lastEdited',index:'lastEdited', hidden: true, width:0, search: false}, + {name:'userName',index:'userName', width:200, formatter:userNameFormatter}, + {name:'lastEdited',index:'lastEdited', hidden: true, width:0, search: false}, {name:'lastEditedTimeago',index:'lastEditedTimeago', hidden: true, width:0, search: false}, {name:'lastEditedTimeagoOutput',index:'lastEditedTimeagoOutput', width:120, search: false}, - {name:'entry',index:'entry', hidden: true, width:0, search: false}, + {name:'entry',index:'entry', hidden: true, width:0, search: false}, {name:'commentsort',index:'commentsort', width:40, search: false }, {name:'comment',index:'comment', hidden: true, width:0, search: false}, - {name:'userId',index:'userId', width:0, hidden: true, search: false}, + {name:'userId',index:'userId', width:0, hidden: true, search: false}, {name:'portraitId',index:'portraitId', width:0, hidden: true, search: false} ], multiselect: false, }).jqGrid('filterToolbar',{searchOnEnter: false}); + - //jqgrid autowidth (http://stackoverflow.com/a/1610197) $(window).bind('resize', function() { resizeJqgrid(jQuery(".ui-jqgrid-btable:visible")); @@ -209,7 +209,7 @@ - +

@@ -229,10 +229,10 @@
- -
+ +
- +
@@ -242,7 +242,7 @@ - + <%@include file="advanceOptions.jsp"%> Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java =================================================================== diff -u -r0e58fb8d29c6847e4e810be22d439f61115398d8 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java (.../PeerreviewServiceImpl.java) (revision 0e58fb8d29c6847e4e810be22d439f61115398d8) +++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java (.../PeerreviewServiceImpl.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -40,7 +40,6 @@ import javax.servlet.http.HttpServletRequest; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.tomcat.util.json.JSONArray; import org.apache.tomcat.util.json.JSONException; @@ -88,6 +87,7 @@ import org.lamsfoundation.lams.util.ExcelCell; import org.lamsfoundation.lams.util.JsonUtil; import org.lamsfoundation.lams.util.MessageService; +import org.springframework.web.util.HtmlUtils; /** * @author Andrey Balan @@ -361,7 +361,7 @@ currentUserId, null, null, sorting, searchString, getByUser, ratingService, userManagementService); for (Object[] raw : rawData) { - raw[raw.length - 2] = StringEscapeUtils.escapeCsv((String) raw[raw.length - 2]); + raw[raw.length - 2] = HtmlUtils.htmlEscape((String) raw[raw.length - 2]); } // if !getByUser -> is get current user's ratings from other users -> // convertToStyledJSON.getAllUsers needs to be true otherwise current user (the only one in the set!) is dropped 
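Review bot: Switching `escapeCsv` to `HtmlUtils.htmlEscape` in the service layer is the right fix for HTML output, but the loop at `@@ -361` rewrites the raw rows in place, so every consumer of these methods now gets HTML entities. Nothing in the hunk documents that. The same pattern repeats at `@@ -377`, `@@ -398`, `@@ -413` and `@@ -447`, and peerreview `MonitoringAction` relies on it when it puts `ratingDetails[4]` into the response without escaping. I would add a comment above each loop such as `// HTML-escaped here for direct use in the JSON response; callers must not escape again and must not reuse these rows for non-HTML output`. It is also worth confirming that no export path (spreadsheet, email) reads the same rows, which is not visible from here.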
@@ -377,7 +377,7 @@ currentUserId, page, size, sorting, searchString, getByUser, ratingService, userManagementService); for (Object[] raw : rawData) { - raw[raw.length - 2] = StringEscapeUtils.escapeCsv((String) raw[raw.length - 2]); + raw[raw.length - 2] = HtmlUtils.htmlEscape((String) raw[raw.length - 2]); } // if !getByUser -> is get current user's ratings from other users -> // convertToStyledJSON.getAllUsers needs to be true otherwise current user (the only one in the set!) is dropped @@ -398,7 +398,7 @@ raw[2] = (raw[2] == null ? null : numberFormat.format(raw[2])); // format rating // format name StringBuilder description = new StringBuilder((String) raw[3]).append(" ").append((String) raw[4]); - raw[4] = StringEscapeUtils.escapeCsv(description.toString()); + raw[4] = HtmlUtils.htmlEscape(description.toString()); } return rawData; @@ -413,7 +413,7 @@ // raw data: user_id, comment_count, first_name last_name, portrait id for (Object[] raw : rawData) { - raw[2] = StringEscapeUtils.escapeCsv((String) raw[2]); + raw[2] = HtmlUtils.htmlEscape((String) raw[2]); } return rawData; 
@@ -447,7 +447,7 @@ for (Object[] raw : rawData) { StringBuilder description = new StringBuilder((String) raw[1]).append(" ").append((String) raw[2]); - raw[2] = StringEscapeUtils.escapeCsv(description.toString()); + raw[2] = HtmlUtils.htmlEscape(description.toString()); } return rawData; Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/util/EmailAnalysisBuilder.java =================================================================== diff -u -rfcc5eca8a605afdc9e927366827553a7862000cd -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/util/EmailAnalysisBuilder.java (.../EmailAnalysisBuilder.java) (revision fcc5eca8a605afdc9e927366827553a7862000cd) +++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/util/EmailAnalysisBuilder.java (.../EmailAnalysisBuilder.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -28,6 +28,7 @@ import org.lamsfoundation.lams.tool.peerreview.util.EmailAnalysisBuilder.LearnerData.SingleCriteriaData; import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.NumberUtil; +import org.springframework.web.util.HtmlUtils; /** * Creates the Self and Peer Assessment email, comparing the learner's self assessment against their peers' assessment @@ -423,7 +424,7 @@ private void generateCommentEntry(StringBuilder htmlText, StyledCriteriaRatingDTO dto, boolean showCommentTitle) { int rowCount = 1; - String escapedTitle = StringEscapeUtils.escapeHtml(dto.getRatingCriteria().getTitle()); + String escapedTitle = HtmlUtils.htmlEscape(dto.getRatingCriteria().getTitle()); if (dto.getRatingCriteria().isCommentRating() || dto.getRatingCriteria().isCommentsEnabled()) { if (dto.getRatingDtos().size() < 1) { htmlText.append("") 
@@ -432,7 +433,7 @@ } else { for (StyledRatingDTO ratingDto : dto.getRatingDtos()) { if (ratingDto.getComment() != null) { - String escapedComment = StringEscapeUtils.escapeHtml(ratingDto.getComment()); + String escapedComment = HtmlUtils.htmlEscape(ratingDto.getComment()); escapedComment = StringUtils.replace(escapedComment, "<BR>", "
"); htmlText.append(""); if (showCommentTitle) { Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/action/MonitoringAction.java =================================================================== diff -u -r8e090b3ddf269cdffececa4bc55a9333da5b0858 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 8e090b3ddf269cdffececa4bc55a9333da5b0858) +++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -38,7 +38,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; import org.apache.struts.action.ActionForm; @@ -62,6 +61,7 @@ import org.springframework.util.StringUtils; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); @@ -311,7 +311,7 @@ // ratings left by others for this user List ratings = service.getDetailedRatingsComments(toolContentId, toolSessionId, criteriaId, itemId ); RatingCriteria criteria = service.getCriteriaByCriteriaId(criteriaId); - String title = StringEscapeUtils.escapeHtml(criteria.getTitle()); + String title = HtmlUtils.htmlEscape(criteria.getTitle()); // processed data from db is userId, comment, rating, first_name, escaped( firstname + last_name) // if no rating or comment, then the entries will be null and not an empty string 
@@ -344,7 +344,7 @@ JSONArray userData = new JSONArray(); userData.put(i); userData.put(ratingDetails[4]); - String commentText = StringEscapeUtils.escapeHtml(comment); + String commentText = HtmlUtils.htmlEscape(comment); commentText = StringUtils.replace(commentText, "<BR>", "
"); userData.put(commentText); userData.put("Comments"); @@ -465,7 +465,7 @@ userData.put(nameField.toString()); } - userData.put(StringEscapeUtils.escapeHtml((String)nbEntry[3])); + userData.put(HtmlUtils.htmlEscape((String)nbEntry[3])); JSONObject userRow = new JSONObject(); userRow.put("id", i++); Index: lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/action/MonitoringAction.java =================================================================== diff -u -r1688016bbb43db756bca9b93361c2a3833089d12 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 1688016bbb43db756bca9b93361c2a3833089d12) +++ lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -39,7 +39,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.poi.hssf.usermodel.HSSFCell; import org.apache.poi.hssf.usermodel.HSSFRow; import org.apache.poi.hssf.usermodel.HSSFSheet; @@ -72,6 +71,7 @@ import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * @author Manpreet Minhas 
@@ -198,7 +198,7 @@ SubmitUser user = (SubmitUser) userAndReflection[0]; responseRow.put(SbmtConstants.ATTR_USER_UID, user.getUid()); responseRow.put(SbmtConstants.USER_ID, user.getUserID()); - responseRow.put(SbmtConstants.ATTR_USER_FULLNAME, StringEscapeUtils.escapeHtml(user.getFullName())); + responseRow.put(SbmtConstants.ATTR_USER_FULLNAME, HtmlUtils.htmlEscape(user.getFullName())); if (userAndReflection.length > 2) { responseRow.put(SbmtConstants.ATTR_PORTRAIT_ID, (Integer)userAndReflection[1]); Index: lams_tool_scribe/src/java/org/lamsfoundation/lams/tool/scribe/web/actions/LearningWebsocketServer.java =================================================================== diff -u -ra8239ea3712e6f344d646ef625ef228d49f266c9 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_scribe/src/java/org/lamsfoundation/lams/tool/scribe/web/actions/LearningWebsocketServer.java (.../LearningWebsocketServer.java) (revision a8239ea3712e6f344d646ef625ef228d49f266c9) +++ lams_tool_scribe/src/java/org/lamsfoundation/lams/tool/scribe/web/actions/LearningWebsocketServer.java (.../LearningWebsocketServer.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -17,7 +17,6 @@ import javax.websocket.Session; import javax.websocket.server.ServerEndpoint; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.tomcat.util.json.JSONArray; @@ -32,6 +31,7 @@ import org.lamsfoundation.lams.util.hibernate.HibernateSessionManager; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; +import org.springframework.web.util.HtmlUtils; /** * Receives, processes and sends Scribe reports and votes to Learners. 
@@ -140,7 +140,7 @@ for (ScribeReportEntry storedReport : (Set) scribeSession.getScribeReportEntries()) { Long uid = storedReport.getUid(); String cachedReportText = sessionCache.reports.get(uid); - String storedReportText = StringEscapeUtils.escapeHtml(storedReport.getEntryText()); + String storedReportText = HtmlUtils.htmlEscape(storedReport.getEntryText()); storedReportText = storedReportText != null ? storedReportText.replaceAll("\n", "
") : null; if (cachedReportText == null ? storedReportText != null : (storedReportText == null) || (cachedReportText.length() != storedReportText.length()) Index: lams_tool_scribe/web/pages/monitoring/summary.jsp =================================================================== diff -u -r83ca314c18ea866bb79570b6e7da25eb8729b3b4 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_scribe/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 83ca314c18ea866bb79570b6e7da25eb8729b3b4) +++ lams_tool_scribe/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -75,10 +75,10 @@ - - ${user.firstName} ${user.lastName} + + - + @@ -94,12 +94,12 @@ - + : - + @@ -108,14 +108,14 @@
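Review bot: The scribe hunk at `@@ -140` passes `storedReport.getEntryText()` straight into `HtmlUtils.htmlEscape`, yet the next line still tests `storedReportText != null`, so a null entry text is evidently expected here. commons-lang's `escapeHtml` returned null for null input; whether Spring's `htmlEscape` does so depends on the Spring version in use, and newer versions reject null with an exception. Making the guard explicit avoids depending on that: `String entryText = storedReport.getEntryText();` followed by `String storedReportText = entryText == null ? null : HtmlUtils.htmlEscape(entryText);`. The same question applies to other unguarded call sites in this commit, for example `(String)nbEntry[3]` in peerreview `MonitoringAction`, `criteria.getTitle()`, and `code` in spreadsheet `LearningAction`.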
-

+

-

+


-
+ <%@include file="/pages/parts/voteDisplay.jsp"%> Index: lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/LearningAction.java =================================================================== diff -u -rca10d5f847158b365d5dec170b298f29a9b2ace7 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/LearningAction.java (.../LearningAction.java) (revision ca10d5f847158b365d5dec170b298f29a9b2ace7) +++ lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/LearningAction.java (.../LearningAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -32,8 +32,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; import org.apache.struts.action.ActionForm; @@ -54,14 +52,14 @@ import org.lamsfoundation.lams.tool.spreadsheet.service.ISpreadsheetService; import org.lamsfoundation.lams.tool.spreadsheet.service.SpreadsheetApplicationException; import org.lamsfoundation.lams.tool.spreadsheet.web.form.ReflectionForm; -import org.lamsfoundation.lams.tool.spreadsheet.web.form.SpreadsheetForm; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.WebUtil; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; /** * 
@@ -181,7 +179,7 @@ } else { code = spreadsheet.getCode(); } - sessionMap.put(SpreadsheetConstants.ATTR_CODE, StringEscapeUtils.escapeHtml(code)); + sessionMap.put(SpreadsheetConstants.ATTR_CODE, HtmlUtils.htmlEscape(code)); sessionMap.put(SpreadsheetConstants.ATTR_RESOURCE, spreadsheet); if ((spreadsheetUser != null) && (spreadsheetUser.getUserModifiedSpreadsheet() != null) Index: lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/MonitoringAction.java =================================================================== diff -u -r83ca314c18ea866bb79570b6e7da25eb8729b3b4 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 83ca314c18ea866bb79570b6e7da25eb8729b3b4) +++ lams_tool_spreadsheet/src/java/org/lamsfoundation/lams/tool/spreadsheet/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.poi.hssf.usermodel.HSSFCell; @@ -65,6 +64,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); 
@@ -170,7 +170,7 @@ SpreadsheetUser user = (SpreadsheetUser) userAndReflection[0]; responseRow.put(SpreadsheetConstants.ATTR_USER_UID, user.getUid()); responseRow.put(SpreadsheetConstants.ATTR_USER_ID, user.getUserId()); - responseRow.put(SpreadsheetConstants.ATTR_USER_NAME, StringEscapeUtils.escapeHtml(user.getFullUsername())); + responseRow.put(SpreadsheetConstants.ATTR_USER_NAME, HtmlUtils.htmlEscape(user.getFullUsername())); if (user.getUserModifiedSpreadsheet() != null) { responseRow.put("userModifiedSpreadsheet", "true"); if (user.getUserModifiedSpreadsheet().getMark() != null) { @@ -181,7 +181,7 @@ } if (userAndReflection.length > 1 && userAndReflection[1] != null) { - responseRow.put("reflection", userAndReflection[1]); + responseRow.put("reflection", HtmlUtils.htmlEscape((String)userAndReflection[1])); } if (userAndReflection.length > 2 && userAndReflection[2] != null) { Index: lams_tool_spreadsheet/web/pages/monitoring/parts/summarylist.jsp =================================================================== diff -u -r83ca314c18ea866bb79570b6e7da25eb8729b3b4 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_spreadsheet/web/pages/monitoring/parts/summarylist.jsp (.../summarylist.jsp) (revision 83ca314c18ea866bb79570b6e7da25eb8729b3b4) +++ lams_tool_spreadsheet/web/pages/monitoring/parts/summarylist.jsp (.../summarylist.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) 
@@ -48,6 +48,8 @@ var rows = [], json = {}; + debugger; + for (i = 0; i < data.rows.length; i++){ var userData = data.rows[i]; Index: lams_tool_spreadsheet/web/pages/reviewitem/reviewitem.jsp =================================================================== diff -u -r19a48bf35052a72202cc4867e68d5666f0d05898 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_spreadsheet/web/pages/reviewitem/reviewitem.jsp (.../reviewitem.jsp) (revision 19a48bf35052a72202cc4867e68d5666f0d05898) +++ lams_tool_spreadsheet/web/pages/reviewitem/reviewitem.jsp (.../reviewitem.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -14,7 +14,7 @@ -
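Review bot: The `debugger;` statement added at `@@ -48,6 +48,8` in summarylist.jsp is a leftover from local debugging and should not ship. With browser developer tools open it pauses script execution each time the monitoring grid data is processed, and it is unrelated to the escaping change this commit makes. Drop the two added lines (`debugger;` and the blank line after it) so the hunk disappears from the commit.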

 ${userName}

+

 

Index: lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/LearningAction.java =================================================================== diff -u -r719897cf9ffdfd84d61516ae21f0c83e060d8beb -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/LearningAction.java (.../LearningAction.java) (revision 719897cf9ffdfd84d61516ae21f0c83e060d8beb) +++ lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/LearningAction.java (.../LearningAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -444,7 +444,7 @@ for (String response : responses) { //JSONArray cell=new JSONArray(); - //cell.put(StringEscapeUtils.escapeHtml(user.getFirstName()) + " " + StringEscapeUtils.escapeHtml(user.getLastName()) + " [" + StringEscapeUtils.escapeHtml(user.getLogin()) + "]"); + //cell.put(HtmlUtils.htmlEscape(user.getFirstName()) + " " + HtmlUtils.htmlEscape(user.getLastName()) + " [" + HtmlUtils.htmlEscape(user.getLogin()) + "]"); JSONObject responseRow = new JSONObject(); responseRow.put("answer", StringEscapeUtils.escapeCsv(response)); Index: lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/MonitoringAction.java =================================================================== diff -u -r4cc9889b48b71ad803aca989f2f595468d5641b2 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 4cc9889b48b71ad803aca989f2f595468d5641b2) +++ lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) 
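Review bot: In survey `LearningAction` at `@@ -444` the only line changed is a commented-out one, while the live line `responseRow.put("answer", StringEscapeUtils.escapeCsv(response));` is left as it was. `escapeCsv` only quotes values containing commas, quotes or line breaks and leaves `<`, `>` and `&` untouched, so learner-supplied responses are still not HTML-escaped if the client inserts `answer` into the page as markup (the rendering side is not visible here). For consistency with the peerreview change in this commit I would use `responseRow.put("answer", HtmlUtils.htmlEscape(response));` and add the `org.springframework.web.util.HtmlUtils` import, which no visible hunk adds to this file. The commented-out `cell.put(...)` line could be deleted rather than updated.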
@@ -40,7 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.poi.ss.usermodel.Cell; @@ -75,6 +74,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { @@ -232,7 +232,7 @@ SurveyUser user = (SurveyUser) userAndAnswers[0]; responseRow.put(SurveyConstants.ATTR_USER_NAME, - StringEscapeUtils.escapeHtml(user.getLastName() + " " + user.getFirstName())); + HtmlUtils.htmlEscape(user.getLastName() + " " + user.getFirstName())); responseRow.put(SurveyConstants.ATTR_USER_ID, user.getUserId()); if (userAndAnswers.length > 1 && userAndAnswers[1] != null) { @@ -251,7 +251,7 @@ answer = (String) userAndAnswers[2]; } else { // need to escape it, as it isn't escaped in the database - answer = StringEscapeUtils.escapeHtml((String) userAndAnswers[2]); + answer = HtmlUtils.htmlEscape((String) userAndAnswers[2]); answer = answer.replaceAll("\n", "
"); } responseRow.put("answerText", answer); @@ -309,11 +309,11 @@ SurveyUser user = (SurveyUser) userAndReflection[0]; responseRow.put(SurveyConstants.ATTR_USER_NAME, - StringEscapeUtils.escapeHtml(user.getLastName() + " " + user.getFirstName())); + HtmlUtils.htmlEscape(user.getLastName() + " " + user.getFirstName())); responseRow.put(SurveyConstants.ATTR_USER_ID, user.getUserId()); if (userAndReflection.length > 1 && userAndReflection[1] != null) { - String reflection = StringEscapeUtils.escapeHtml((String) userAndReflection[1]); + String reflection = HtmlUtils.htmlEscape((String) userAndReflection[1]); responseRow.put(SurveyConstants.ATTR_REFLECTION, reflection.replaceAll("\n", "
")); } Index: lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/action/MonitoringAction.java =================================================================== diff -u -r83ca314c18ea866bb79570b6e7da25eb8729b3b4 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 83ca314c18ea866bb79570b6e7da25eb8729b3b4) +++ lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -40,7 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.struts.action.Action; @@ -71,6 +70,7 @@ import org.lamsfoundation.lams.web.util.SessionMap; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; +import org.springframework.web.util.HtmlUtils; public class MonitoringAction extends Action { public static Logger log = Logger.getLogger(MonitoringAction.class); @@ -233,7 +233,7 @@ JSONArray userData = new JSONArray(); userData.put(userDto.getUserId()); - String fullName = StringEscapeUtils.escapeHtml(userDto.getFullName()); + String fullName = HtmlUtils.htmlEscape(userDto.getFullName()); userData.put(fullName); Set completedTaskUids = userDto.getCompletedTaskUids(); @@ -245,7 +245,7 @@ } if (tasklist.isMonitorVerificationRequired()) { - String label = StringEscapeUtils.escapeHtml(service.getMessage("label.confirm")); + String label = HtmlUtils.htmlEscape(service.getMessage("label.confirm")); String verificationStatus = userDto.isVerifiedByMonitor() ? "" 
@@ -314,14 +314,14 @@ TaskListItem item = service.getTaskListItemByUid(itemUid); Set itemComments = item.getComments(); Set itemAttachments = item.getAttachments(); - String label = StringEscapeUtils.escapeHtml(service.getMessage("label.download")); + String label = HtmlUtils.htmlEscape(service.getMessage("label.download")); int i = 0; JSONArray rows = new JSONArray(); for (TaskListUserDTO userDto : userDtos) { JSONArray userData = new JSONArray(); - String fullName = StringEscapeUtils.escapeHtml(userDto.getFullName()); + String fullName = HtmlUtils.htmlEscape(userDto.getFullName()); userData.put(fullName); String completionImage = userDto.isCompleted() @@ -347,7 +347,7 @@ if (!userComments.isEmpty()) { commentsFiles += "
  • "; for (String userComment : userComments) { - commentsFiles += StringEscapeUtils.escapeHtml(userComment); + commentsFiles += HtmlUtils.htmlEscape(userComment); } commentsFiles += "
  • "; } @@ -361,7 +361,7 @@ if (!userAttachments.isEmpty()) { commentsFiles += "
  • "; for (TaskListItemAttachment userAttachment : userAttachments) { - commentsFiles += StringEscapeUtils.escapeHtml(userAttachment.getFileName()) + " "; + commentsFiles += HtmlUtils.htmlEscape(userAttachment.getFileName()) + " "; commentsFiles += "" + label + ""; Index: lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/action/MonitoringAction.java =================================================================== diff -u -r83ca314c18ea866bb79570b6e7da25eb8729b3b4 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision 83ca314c18ea866bb79570b6e7da25eb8729b3b4) +++ lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/action/MonitoringAction.java (.../MonitoringAction.java) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -37,7 +37,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; @@ -72,6 +71,7 @@ import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; import org.lamsfoundation.lams.web.util.SessionMap; +import org.springframework.web.util.HtmlUtils; /** * @author Ozgur Demirtas @@ -191,7 +191,7 @@ JSONObject responseRow = new JSONObject(); responseRow.put(VoteAppConstants.ATTR_USER_ID, userAndAnswers[0]); - responseRow.put(VoteAppConstants.ATTR_USER_NAME, StringEscapeUtils.escapeHtml((String) userAndAnswers[2])); + responseRow.put(VoteAppConstants.ATTR_USER_NAME, HtmlUtils.htmlEscape((String) userAndAnswers[2])); responseRow.put(VoteAppConstants.ATTR_ATTEMPT_TIME, DateUtil.convertToStringForJSON((Date) userAndAnswers[3], request.getLocale())); responseRow.put(VoteAppConstants.ATTR_ATTEMPT_TIME_TIMEAGO, 
@@ -234,9 +234,9 @@ JSONObject responseRow = new JSONObject(); responseRow.put(VoteAppConstants.ATTR_USER_ID, userAndReflection[0]); responseRow.put(VoteAppConstants.ATTR_USER_NAME, - StringEscapeUtils.escapeHtml((String) userAndReflection[2])); + HtmlUtils.htmlEscape((String) userAndReflection[2])); if (userAndReflection.length > 3 && userAndReflection[3] != null) { - String reflection = StringEscapeUtils.escapeHtml((String) userAndReflection[3]); + String reflection = HtmlUtils.htmlEscape((String) userAndReflection[3]); responseRow.put(VoteAppConstants.NOTEBOOK, reflection.replaceAll("\n", "
    ")); } if (userAndReflection.length > 4) { @@ -310,10 +310,10 @@ responseRow.put("uid", userAndAttempt.getUserUid()); responseRow.put(VoteAppConstants.ATTR_USER_NAME, - StringEscapeUtils.escapeHtml(userAndAttempt.getFullName())); + HtmlUtils.htmlEscape(userAndAttempt.getFullName())); responseRow.put("userEntryUid", userAndAttempt.getUserEntryUid()); - responseRow.put("userEntry", StringEscapeUtils.escapeHtml(userAndAttempt.getUserEntry())); + responseRow.put("userEntry", HtmlUtils.htmlEscape(userAndAttempt.getUserEntry())); responseRow.put(VoteAppConstants.ATTR_ATTEMPT_TIME, DateUtil.convertToStringForJSON(userAndAttempt.getAttemptTime(), request.getLocale())); responseRow.put(VoteAppConstants.ATTR_ATTEMPT_TIME_TIMEAGO, Index: lams_tool_vote/web/learning/AllNominations.jsp =================================================================== diff -u -r839af8b148458fd7202f178fb52274dca01fc090 -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_vote/web/learning/AllNominations.jsp (.../AllNominations.jsp) (revision 839af8b148458fd7202f178fb52274dca01fc090) +++ lams_tool_vote/web/learning/AllNominations.jsp (.../AllNominations.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -177,7 +177,7 @@
  • - +
    Index: lams_tool_vote/web/learning/RevisitedDisplay.jsp =================================================================== diff -u -r5f940a9f66e9fc53d5c13d69fc716c4e7675a19e -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_vote/web/learning/RevisitedDisplay.jsp (.../RevisitedDisplay.jsp) (revision 5f940a9f66e9fc53d5c13d69fc716c4e7675a19e) +++ lams_tool_vote/web/learning/RevisitedDisplay.jsp (.../RevisitedDisplay.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -113,7 +113,7 @@
    - +
    Index: lams_tool_vote/web/learning/RevisitedNoDisplay.jsp =================================================================== diff -u -r5f940a9f66e9fc53d5c13d69fc716c4e7675a19e -reeb8faaea5372ccf5445d7172f726931e9f26098 --- lams_tool_vote/web/learning/RevisitedNoDisplay.jsp (.../RevisitedNoDisplay.jsp) (revision 5f940a9f66e9fc53d5c13d69fc716c4e7675a19e) +++ lams_tool_vote/web/learning/RevisitedNoDisplay.jsp (.../RevisitedNoDisplay.jsp) (revision eeb8faaea5372ccf5445d7172f726931e9f26098) @@ -20,7 +20,7 @@
    - +