
special character getting added in smart edit

Former Member

Hey

We have created a custom CMS component which has some editable text attributes... When we add a text containing '(' or ')' from SmartEdit, '/' is getting added before these parentheses...

For example, if I am adding a text like "image(245)", it's getting saved as "image/(245/)".. The next time, if I edit any other attribute in that component, it's getting saved as "image//(245//)"...

Please let us know about the fix for this issue.. Awaiting your response

Thanks,

Accepted Solutions (1)


geffchang
Active Contributor
0 Kudos

This is a Known Issue for SmartEdit, and it is documented in the Help site: https://help.hybris.com/1808/hcd/d1493aa101f04a7a98202a1407a7c379.html

We will just have to wait if there are updates in the future.

Use of Special Characters Can Increase XSS Vulnerability

SmartEdit allows you to use special characters, such as the colon (,), the apostrophe ('), and quotation marks ("), when you create or edit a component. You can add the special characters in the content of paragraph and link components, or in the links of the target destination for many component types. The use of special characters makes it possible to inject JavaScript code. You should be aware that the use of special characters can increase the vulnerability of SmartEdit to XSS attacks. To minimize security risks, SmartEdit automatically adds two backslashes (\) in front of all special characters. For example, it automatically changes (test) to \(test\).
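The compounding reported in the question, modelled as an added example (not SmartEdit code and not written by the posters in this thread). The escaped character set and the single-backslash prefix are assumptions, and `escapeOnSave`, `editCycles` and `encodeForHtml` are hypothetical names; the block contrasts escaping on every save with storing the text unchanged and encoding it only when it is rendered.

```javascript
// Model of the behaviour described in this thread; constructed, not SmartEdit code.
// Assumption: these four characters are escaped with one backslash each.
const SPECIAL = /[()'"]/g;

// Escape-on-save: prefix every special character in the submitted value.
// '$&' is the matched character, so '(' becomes '\('.
function escapeOnSave(text) {
  return text.replace(SPECIAL, '\\$&');
}

// Store-as-is: the save path leaves the value untouched.
const identity = (text) => text;

// Simulate an editor re-saving the same component `saves` times.
// Each save receives the previously stored value, as happens when
// another attribute of the component is edited.
function editCycles(initial, saves, onSave) {
  let stored = initial;
  for (let i = 0; i < saves; i++) {
    stored = onSave(stored);
  }
  return stored;
}

// Output encoding for an HTML text/attribute context, applied at render
// time only. The stored value never changes, so nothing accumulates.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function encodeForHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed sample input taken from the question.
const sample = 'image(245)';

console.log(editCycles(sample, 1, escapeOnSave)); // one backslash per parenthesis
console.log(editCycles(sample, 2, escapeOnSave)); // two: the escape is not idempotent
console.log(editCycles(sample, 2, identity));     // unchanged in storage
console.log(encodeForHtml(editCycles(sample, 2, identity))); // safe to place in HTML
```
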

Former Member
0 Kudos

Is there any workaround for the same?

geffchang
Active Contributor
0 Kudos

I'm not really sure. Let's just hope it gets fixed in the near future.

Former Member
0 Kudos

Thank you very much :)

Answers (0)