on 10-22-2018 5:16 PM
Hey
We have created a custom CMS component which has some editable text attributes. When we add a text containing '(' or ')' from SmartEdit, '/' is getting added before these parentheses.
For example, if I am adding a text like "image(245)", it's getting saved as "image/(245/)". The next time, if I edit any other attribute in that component, it's getting saved as "image//(245//)".
Please let us know about the fix for this issue. Awaiting your response.
Thanks,
This is a Known Issue for SmartEdit, and it is documented in the Help site: https://help.hybris.com/1808/hcd/d1493aa101f04a7a98202a1407a7c379.html
We will just have to wait if there are updates in the future.
Use of Special Characters Can Increase XSS Vulnerability
SmartEdit allows you to use special characters, such as the colon (,), the apostrophe ('), and quotation marks ("), when you create or edit a component. You can add the special characters in the content of paragraph and link components, or in the links of the target destination for many component types. The use of special characters makes it possible to inject JavaScript code. You should be aware that the use of special characters can increase the vulnerability of SmartEdit to XSS attacks. To minimize security risks, SmartEdit automatically adds two backslashes (\) in front of all special characters. For example, it automatically changes (test) to \(test\).
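The accumulation reported in the question, modelled as an added JavaScript example (not SmartEdit code and not from either poster). It assumes the escaper prefixes a backslash to each parenthesis or quote without checking for an existing one, and contrasts that with storing the raw value and HTML-encoding it once at render time; the character set and all function names are hypothetical.

```javascript
// Added illustration, not SmartEdit code. The character set and the
// function names are assumptions made for this example.
const SPECIAL = /[()'"]/g;

// Model of the reported behaviour: every save prefixes each special
// character with a backslash, without checking for an existing one.
function escapeOnSave(value) {
  return value.replace(SPECIAL, '\\$&');
}

// Each save re-escapes whatever the previous save stored, so the
// backslashes pile up with every edit of the component.
function storedAfterSaves(raw, saves) {
  let stored = raw;
  for (let i = 0; i < saves; i++) stored = escapeOnSave(stored);
  return stored;
}

// Contrast: keep the raw value in storage and encode exactly once, at the
// moment it is written into an HTML context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function encodeForHtml(value) {
  return value.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// A transform is safe to re-apply on save only if f(f(x)) === f(x).
function isIdempotent(fn, input) {
  return fn(fn(input)) === fn(input);
}

// Constructed sample values.
const raw = 'image(245)';
console.log(storedAfterSaves(raw, 1));        // one backslash per parenthesis
console.log(storedAfterSaves(raw, 2));        // two backslashes per parenthesis
console.log(isIdempotent(escapeOnSave, raw)); // false: re-saving changes data
console.log(encodeForHtml('<script>a("x")</script>'));
// HTML encoding is not idempotent either ('&' becomes '&amp;'), which is why
// it belongs at render time on the raw value, not in the save path.
console.log(isIdempotent(encodeForHtml, 'a & b'));
```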