By default, all of the POST parameters in a request are filtered. You can skip filtering of the parameters associated with an individual dsp:input
or dsp:textarea
tag by setting its xssFiltering
attribute to false
. For example:
<dsp:input bean="Employee.name" xssFiltering="false" ... />
You can disable POST parameter validation globally by setting the xssFiltering
property of the /atg/dynamo/Configuration
component to false
:
xssFiltering=false
Note that this disables filtering of POST parameters only, not of query parameters. For information about disabling validation of query parameters, see Disabling Query Parameter Validation.
Keep in mind that disabling validation is strongly discouraged, as it can leave your application vulnerable to cross-site attacks.