Has anyone successfully installed 
com.oreilly.tomcat.valves.BadInputFilterValve to help stop XSS attacks?

from:
http://safari.oreilly.com/?x=1&mode=section&sortKey=title&sortOrder=asc&view=&g=&catid=&s=1&b=1&f=1&t=1&c=1&u=1&r=&o=1&n=1&d=1&p=1&a=0&xmlid=0-59600-318-8/tomcat-APP-D

We are using Tomcat 5.0.28. We've successfully compiled and added the 
valve element, but every time request parameters are parsed I am stuck 
with the following error:

java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextEntry(HashMap.java:782)
        at java.util.HashMap$KeyIterator.next(HashMap.java:818)
        at com.oreilly.tomcat.valves.BadInputFilterValve.filterParameters(BadInputFilterValve.java:487)
        at com.oreilly.tomcat.valves.BadInputFilterValve.invoke(BadInputFilterValve.java:344)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:534)

and of course the valve fails to modify any parameters. If anyone has any 
ideas on what the problem is or how to fix this, please advise.

thanks

Richard Finegan
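
Added example, not part of the original post and not the valve's own source: the trace above shows the exception coming from HashMap's key iterator inside filterParameters, which HashMap raises when entries are added or removed while the map is being iterated. The sketch below reproduces that failure and shows the snapshot-of-keys fix; the class name, the `escape` rule and the sample parameters are assumptions, it assumes the filtering loop removes and re-adds entries, and it is written for a current JDK rather than the 1.4-era runtime in the trace.

```java
import java.util.*;

public class ParamFilterDemo {
    // Hypothetical escaping rule (assumption), standing in for the valve's filters.
    static String escape(String s) {
        return s.replace("<", "&lt;").replace(">", "&gt;");
    }
    static String[] escapeAll(String[] values) {
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) out[i] = escape(values[i]);
        return out;
    }

    // Fails: entries are removed and re-added while the key iterator is open.
    static void filterUnsafe(Map<String, String[]> params) {
        for (String name : params.keySet()) {
            String[] values = params.remove(name); // structural modification
            params.put(escape(name), escapeAll(values));
        }
    }

    // Works: iterate over a copy of the keys, then change the live map.
    static void filterSafe(Map<String, String[]> params) {
        for (String name : new ArrayList<>(params.keySet())) {
            String[] values = params.remove(name);
            params.put(escape(name), escapeAll(values));
        }
    }

    // Constructed sample parameters, not taken from any real request.
    static Map<String, String[]> sample() {
        Map<String, String[]> m = new HashMap<>();
        m.put("q", new String[] {"<i>hello</i>"});
        m.put("page", new String[] {"2"});
        m.put("<b>", new String[] {"x"});
        return m;
    }

    public static void main(String[] args) {
        try {
            filterUnsafe(sample());
        } catch (ConcurrentModificationException e) {
            System.out.println("unsafe loop: " + e);
        }
        Map<String, String[]> m = sample();
        filterSafe(m);
        for (Map.Entry<String, String[]> e : m.entrySet())
            System.out.println(e.getKey() + " = " + Arrays.toString(e.getValue()));
    }
}
```

Replacing only the value of an existing key with `put` does not trip the iterator; it is the remove and re-insert under a filtered name that does.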
