The user interface add-on for SAP NetWeaver uses JavaScript code at the front end.
To protect your system against cross-site scripting attacks, good output encoding is crucial. Make sure that you apply SAP Note 1582870.