When accessing SmartEdit on a 6.6 Hybris instance you'll get several frontend issues (CSS not loading, etc), making the whole interface partially not working and throwing this error on console:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.

This is due to wrong Spring paths generated like below https://dev.local:9002/smartedit/static-resources/dist/smartedit//fonts/hyicon.woff?1509480052
(note the 2 slashes "//" before "fonts")
This is due to Spring StrictHttpFirewall
https://github.com/spring-projects/spring-security/issues/5044
https://github.com/spring-projects/spring-security/issues/5007
This is definitely something that needs to be addressed by Hybris, since the URL shouldn't be generated in such a wrong way. From a quick analysis URL was always generated in such a wrong way (ie. in 6.5.0.3 it was generated like this too) but due to the Spring StrictHttpFirewall they're not allowed anymore.
In order to fix it temporarily:
StrictHttpFirewall.setAllowUrlEncodedSlash(true)
or revert to HttpFirewall