What you're asking for is two different things. Taking special characters and displaying them visually to the user is fairly straightforward. Inserting them into the page as markup safely is more complicated.
Visual display:
What you want to do here is to take the special characters that the browser wants to interpret at as markup and escape (or encode) it in a way that indicates to the browser that it should just be displayed. Alex recommended the StringEscapeUtils which should help you do that. (Keep in mind that each context has it's own rules for escaping so what works for html won't necessarily work for css and javascript.)
Markup insertion:
In this case you need to do some validation of the input to ensure that you aren't inserting content that affects how your page behaves. Inserting some ... markup is probably okay, inserting javascript is risky. The challenge is catching all of the ways people might try to evade your filter. If your site is interesting enough, people will try to take advantage of this feature.