Based on encodeForHTML() from ESAPI. Unfortunately, ESAPI requires configuration in a properties file, which is a pain if you just need to encode
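
A configuration-free encoder in that spirit, as an added example that is neither ESAPI's code nor the original author's. The class name `HtmlEncoder`, the set of punctuation left unescaped, and the replacement of control characters with U+FFFD are assumptions of this example, and the input string is constructed.

```java
import java.util.Map;

// Added example, not ESAPI code: allow-list HTML encoder with no external configuration.
public final class HtmlEncoder {
    // Assumption: punctuation passed through unchanged, alongside ASCII letters and digits.
    private static final String IMMUNE = ",.-_ ";
    private static final Map<Integer, String> NAMED = Map.of(
        (int) '&', "&amp;", (int) '<', "&lt;",
        (int) '>', "&gt;", (int) '"', "&quot;");

    private HtmlEncoder() {}

    public static String encodeForHTML(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() + 16);
        // Iterate by code point so characters outside the BMP get one entity, not two.
        input.codePoints().forEach(cp -> appendEncoded(out, cp));
        return out.toString();
    }

    private static void appendEncoded(StringBuilder out, int cp) {
        boolean alnum = (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
                     || (cp >= '0' && cp <= '9');
        if (alnum || IMMUNE.indexOf(cp) >= 0) {
            out.appendCodePoint(cp);              // on the allow-list: emit as-is
        } else if (isIllegal(cp)) {
            out.append("&#xfffd;");               // never emit raw control characters
        } else if (NAMED.containsKey(cp)) {
            out.append(NAMED.get(cp));            // readable named entity
        } else {
            out.append("&#x").append(Integer.toHexString(cp)).append(';');
        }
    }

    // C0 controls except tab, LF and CR; DEL and C1 controls; unpaired surrogates.
    private static boolean isIllegal(int cp) {
        return (cp <= 0x1f && cp != '\t' && cp != '\n' && cp != '\r')
            || (cp >= 0x7f && cp <= 0x9f)
            || (cp >= 0xD800 && cp <= 0xDFFF);
    }

    public static void main(String[] args) {
        // Constructed sample input: markup, quotes, a NUL byte and a non-ASCII letter.
        String constructed = "<img src=x onerror=\"alert('1')\">\u0000 caf\u00e9";
        System.out.println(encodeForHTML(constructed));
    }
}
```

The output is safe only in HTML element content and quoted attribute values; data placed in script blocks, CSS or URLs needs an encoder written for that context.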