WebSphere® Portal enables Cross-site scripting (CSS) security protection by default. With CSS security protection enabled, the characters ">" (greater than) and "<" (less than) in form input are changed to the character entities ">" and "<". This is done to minimize the security risk of malicious input which could disrupt portal content.
Having CSS security protection enabled can cause problems with iSeries™ Access portlets which rely on form input to retrieve information from the user. For example, the iSeries Dynamic SQL portlet uses a form to retrieve a SQL statement to run. Any ">" or "<" characters in the statement are changed to ">" and "<". When the modified statement is run, it fails with this message: [SQL0104] Token & was not valid. Valid tokens: < > = <> <= ...
WebSphere Portal provides a configuration option to disable CSS security protection. Disabling this protection avoids the problems associated with modifying form input; however, the security implications associated with disabling this support need to be considered. See the Troubleshooting section of the WebSphere Portal documentation for more information.