ABAP offers predefined function called escape( ) which is available as of SAP_BASIS >= 731.
Whenever you need to convert your data from unescaped to escaped string, you can use this escape function. There are several options which escaped function provides. You can escape HTML, XML, JS, JSON content or its combination, URL and URI links. You can also use escape function for Cross-site scripting as you can see in this link.