Disable cross-site scripting protection for the Management Center

When enabled, cross-site scripting protection rejects any user requests that contain attributes (parameters) or strings that are designated as not allowable. You can also exclude commands from cross-site scripting protection by allowing the values of specified attributes for that particular command to contain prohibited strings. Cross-site scripting protection is enabled by default, but you can disable it to match your security needs.


Procedure

  1. Open the LOBTools/WebContent/WEB-INF/web.xml file.

  2. Search for and remove the following snippet:

      <param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name>
      <param-value>com.ibm.commerce.foundation.internal.client.security.impl.ClassicCommerceCrossSiteScriptingProviderImpl</param-value>

  3. Save your changes and close the file.
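
To audit whether the protection is still configured on a given deployment, the following check parses web.xml and reports the provider parameter named in step 2. It is an added example, not IBM's code; the enclosing <context-param> element and both sample documents are constructed assumptions, and the check itself works with any parent element.

```python
import sys
import xml.etree.ElementTree as ET

PARAM_NAME = "com.ibm.commerce.security.crosssitescriptingprovider"

# Constructed sample documents; the <context-param> wrapper is an assumption.
ENABLED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <context-param>
    <param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name>
    <param-value>com.ibm.commerce.foundation.internal.client.security.impl.
      ClassicCommerceCrossSiteScriptingProviderImpl</param-value>
  </context-param>
</web-app>"""

DISABLED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <!-- <context-param>
    <param-name>com.ibm.commerce.security.crosssitescriptingprovider</param-name>
  </context-param> -->
</web-app>"""


def _local(tag):
    """Drop a namespace prefix such as '{http://...}param-name'."""
    return tag.rsplit("}", 1)[-1]


def xss_provider(web_xml):
    """Return the configured provider class, or None when the parameter is absent.

    The parser discards comments, so a commented-out entry counts as absent.
    """
    root = ET.fromstring(web_xml)
    for parent in root.iter():
        kids = list(parent)
        if not any(_local(k.tag) == "param-name"
                   and (k.text or "").strip() == PARAM_NAME for k in kids):
            continue
        for k in kids:
            if _local(k.tag) == "param-value":
                # Rejoin a class name that was wrapped across lines.
                return "".join((k.text or "").split())
        return ""  # name present but value missing
    return None


if __name__ == "__main__":
    # With no argument, check the constructed ENABLED sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ENABLED
    provider = xss_provider(data)
    print("XSS protection provider:", provider if provider else "NOT CONFIGURED")
```

Run it with the path to web.xml as the only argument; a result of NOT CONFIGURED means the snippet has been removed or commented out.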