Write a simple class that subcalsses HttpServletRequestWrapper
with a getParameter() method that returns the sanitized version of the input. Then pass an instance of your HttpServletRequestWrapper
to Filter.doChainFilter.doChain()
instead of the responserequest object directly.