Prevention of Cross-site scripting (XSS)

I want to prevent cross-site scripting (XSS) and am wondering how best to approach this (on Bonita version 7.2.4).

For example, how can I prevent the script below from being embedded in the response?

http://localhost:8080/bonita/portal/documentDownload?fileName=alert.jpg&contentStorageId=/<img src=test onerror=alert(1)>

Hi,
I think this has been solved in 7.3.0.
The error JSPs don’t display the exceptions anymore.
If you cannot upgrade to a more recent version, you can modify or replace the JSP in the directory error-pages of bonita.war

Sorry this:
http://localhost:8080/bonita/portal/documentDownload?fileName=alert.jpg&contentStorageId=/<img src=test onerror=alert(1)>

This is a great answer Anthony, thank you.
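
An added example, not part of the original thread and not Bonita's own code: a replacement error JSP of the kind the answer describes, which logs the exception server-side and shows the browser only a reference id, so nothing from the request or the exception is reflected. It assumes the file is registered as the container's error page; the logger name and page text are hypothetical.

```jsp
<%-- Added example: generic error page that never echoes request or exception data. --%>
<%@ page isErrorPage="true" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.UUID" %>
<%@ page import="java.util.logging.Level" %>
<%@ page import="java.util.logging.Logger" %>
<%!
    // Hypothetical logger name; use whatever your deployment already logs to.
    private static final Logger LOG = Logger.getLogger("portal.error-pages");

    // Replace control characters so a crafted URL cannot forge extra log lines.
    private static String forLog(Object value) {
        return value == null ? "-" : value.toString().replaceAll("\\p{Cntrl}", "_");
    }
%>
<%
    // Reference id shown to the user in place of any exception detail.
    String ref = UUID.randomUUID().toString();

    // Standard servlet attributes the container sets on an error dispatch.
    Object status = request.getAttribute("javax.servlet.error.status_code");
    Object uri = request.getAttribute("javax.servlet.error.request_uri");

    // Full detail goes to the server log only. `exception` is the implicit
    // object of an error page and may be null (for example after sendError()).
    LOG.log(Level.WARNING,
            "ref=" + ref + " status=" + forLog(status) + " uri=" + forLog(uri)
                + " query=" + forLog(request.getQueryString()),
            exception);

    // Defence in depth: no MIME sniffing, no scripts or other resources on this page.
    response.setHeader("X-Content-Type-Options", "nosniff");
    response.setHeader("Content-Security-Policy", "default-src 'none'");
%>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Error</title></head>
<body>
  <h1>Something went wrong</h1>
  <%-- Only an Integer set by the container and a server-generated UUID are written out. --%>
  <p>Status: <%= (status instanceof Integer) ? status : "unknown" %></p>
  <p>Reference: <%= ref %></p>
</body>
</html>
```

To confirm the change, request the URL from the question again and check that the response body contains neither the `contentStorageId` value nor any exception text.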