If I use application layer to submit data, seems that the prevent xss attack for classic Controller does not work any more. Could you please tell me how to enable this feature when submit data when use DTO objects? Thanks