As described in the wiki, I've just integrated a new version of commons-jelly that makes it easier to prevent XSS vulnerabilities. I need to push the use of this throughout the core.
This task also includes a modification to maven-hpi-plugin, so that the archetype will generate view files with this PI. The test harness should also be modified to make sure that every view file has this PI (with a switch to disable this test in case plugin devs really don't want to bother).
In the first few versions, apply this manually in limited places in the core to verify we have no unexpected regressions. Then update the test harness so that the core will use it everywhere.
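
A sketch of the view-file check described above, added here as an illustration and not taken from the Jenkins test harness. It assumes the PI is `<?jelly escape-by-default='true'?>`, the form used in Jenkins Jelly views (the ticket does not spell it out); the function names, the `enabled` opt-out flag and the sample views are constructed for the example.

```python
import os
import re
import tempfile

# Assumed PI form: <?jelly escape-by-default='true'?> (not spelled out in the ticket).
PI_RE = re.compile(r"<\?jelly\s+(.*?)\?>", re.S)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(['"])(.*?)\2""", re.S)
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
ROOT_RE = re.compile(r"<[A-Za-z_]")  # start of the first element

def has_escape_pi(text):
    """True if the prolog carries a jelly PI with escape-by-default set to true."""
    text = COMMENT_RE.sub("", text)  # a commented-out PI does not count
    root = ROOT_RE.search(text)
    prolog = text[:root.start()] if root else text  # PI must precede the root
    for pi in PI_RE.finditer(prolog):
        attrs = {name: value for name, _, value in ATTR_RE.findall(pi.group(1))}
        if attrs.get("escape-by-default") == "true":
            return True
    return False

def views_missing_pi(root_dir, enabled=True):
    """Relative paths of .jelly files without the PI; enabled=False is the opt-out."""
    if not enabled:
        return []
    missing = []
    for dirpath, _, files in os.walk(root_dir):
        for name in files:
            if name.endswith(".jelly"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8") as fh:
                    if not has_escape_pi(fh.read()):
                        rel = os.path.relpath(path, root_dir)
                        missing.append(rel.replace(os.sep, "/"))
    return sorted(missing)

# Constructed sample views: one compliant, three that should be flagged.
BODY = '<j:jelly xmlns:j="jelly:core">${it.name}</j:jelly>\n'
SAMPLES = {
    "ok.jelly": "<?jelly escape-by-default='true'?>\n" + BODY,
    "missing.jelly": BODY,
    "off.jelly": '<?jelly escape-by-default="false"?>\n' + BODY,
    "commented.jelly": "<!-- <?jelly escape-by-default='true'?> -->\n" + BODY,
}

def demo(enabled=True):
    """Write the samples to a temp dir and return the views that fail the check."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            with open(os.path.join(tmp, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return views_missing_pi(tmp, enabled)
```

A failing build would list the returned paths; views with the PI explicitly set to `false` are reported too, since they opt out of escaping.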