By default, all of the POST parameters in a request are filtered. You can skip filtering of the parameters associated with an individual dsp:input or dsp:textarea tag by setting its xssFiltering attribute to false. For example:

<dsp:input bean="Employee.name" xssFiltering="false" ... />

You can disable POST parameter validation globally by setting the xssFiltering property of the /atg/dynamo/Configuration component to false:

xssFiltering=false

Note that this disables filtering of POST parameters only, not of query parameters. For information about disabling validation of query parameters, see Disabling Query Parameter Validation.

Keep in mind that disabling validation is strongly discouraged, as it can leave your application vulnerable to cross-site attacks.