Skip to Content

How can I send '#' special character to the controller when xss filter is on?

To Dear Experts.

Most of recent e-commerce site support special charactor '#' in password field.

If I set 'xss.filter.enabled=false', then customers can use '#' special character in password field in hybris(SAP Customer Experience) .

But for security reasons, our team have to set 'xss.filter.enabled=true'.

What class or xss.filter.rule do remove '#' character from parameters?

How can I send '#' special character to controller when xss filter is on?

I'm going to try excluding specific filter using filterConfig, but I don't know what specific filter removes '#' character.

I read several threads already, but I coundn't find the clear answer yet.

1. https://answers.sap.com/questions/12758960/view.html

2. https://answers.sap.com/questions/12722914/bug-in-username-login-page-hybris-version-68.html

3. https://hybrismart.com/2018/04/14/five-things-about-sap-hybris-you-probably-didnt-know/

Thank you for taking the time to read this thread :)

Have a nice weekend!

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Posted on Oct 07, 2019 at 06:27 AM

    I founded a clue from another question.

    https://answers.sap.com/questions/12768653/hashtag-in-passoword.html

    I did comment out xss.filter.rule.javascript2=(?i)\\u0023 and '#' character in password worked fine.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.