Disabling cross-site scripting protection for the Management Center

When enabled, cross-site scripting protection rejects any user requests that contain attributes (parameters) or strings that are designated as not allowable. You can also exclude commands from cross-site scripting protection by allowing the values of specified attributes for that particular command to contain prohibited strings. Cross-site scripting protection is enabled by default, but you can disable it to match your security needs.


  1. Open the following file LOBTools/WebContent/WEB-INF/web.xml file.
  2. Search for and remove the following snippet:
  3. Save your changes and close the file.