This code will encode your data if a user tries to attack your application through CRLF injection
String s=Arrays.toString(object); if(s.contains("/") || s.contains(">")||s.contains("<")||s.contains("?") ||s.contains("&") ||s.contains("")) { String validobject=URLEncoder.encode(s); System.out.println("the encoded data is"+validobject); } else { System.out.println("the non-encoded data is"+object); }