diff --git a/pom.xml b/pom.xml
index d9052ee3..e8bf1638 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,6 +16,11 @@
+ + org.apache.commons + commons-text + 1.12.0 + com.onelogin java-saml
diff --git a/src/main/java/servlets/module/challenge/XssChallengeSix.java b/src/main/java/servlets/module/challenge/XssChallengeSix.java
index 6aa964c7..01756818 100644
--- a/src/main/java/servlets/module/challenge/XssChallengeSix.java
+++ b/src/main/java/servlets/module/challenge/XssChallengeSix.java
@@ -1,6 +1,7 @@
 package servlets.module.challenge;
 import dbProcs.Getter;
+import org.apache.commons.text.StringEscapeUtils;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Locale;
@@ -80,7 +81,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 String searchTerm = request.getParameter("searchTerm");
 log.debug("User Submitted - " + searchTerm);
 searchTerm = XssFilter.anotherBadUrlValidate(searchTerm);
- userPost = "Your HTTP Link!";
+ String encodedSearchTerm = StringEscapeUtils.escapeHtml4(searchTerm);
+ userPost = "Your HTTP Link!";
 log.debug("After Sanitising - " + searchTerm);
 boolean xssDetected = FindXSS.search(userPost);
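Review bot: `StringEscapeUtils.escapeHtml4(searchTerm)` on the first added line of the second XssChallengeSix hunk encodes markup characters only, and the Commons Text HTML4 entity set does not cover the apostrophe, so `'` passes through unchanged; the markup of the `userPost` line that follows is lost in this rendering, but if the value is placed in a single-quoted attribute the quoting can still be broken, and if it lands in an `href` (as the "HTTP Link" text and the `anotherBadUrlValidate` call suggest) entity encoding does nothing about the URL scheme, so the protection rests entirely on what `XssFilter.anotherBadUrlValidate` rejects, which is not visible here. Consider an explicit allow-list of `http`/`https` before the encode, or at least a comment on the new line such as `// escapeHtml4 covers markup characters only; scheme restriction must come from anotherBadUrlValidate`. The `log.debug("After Sanitising - " + searchTerm)` context line still reports the unencoded value, so if the intent is to log what is rendered it should reference `encodedSearchTerm`. doPost starts before this hunk, and the hunk's trailing context appears to be cut off at the end of this view.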