Geronimo does not proivde the XSS protection facilities to the users' applicatoins, while it does consider that for the admin console, you may refer the filter codes in below :
[1] https://svn.apache.org/repos/asf/geronimo/server/branches/3.0/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter 2013/7/25 Si Chen <sic...@opensourcestrategies.com> > Does Apache Geronimo 3.x provide protection against XSS attacks? > > -- > Si Chen > Open Source Strategies, Inc. > sic...@opensourcestrategies.com > http://www.OpenSourceStrategies.com > LinkedIn: http://www.linkedin.com/in/opentaps > Twitter: http://twitter.com/opentaps > > -- Ivan