Dear Experts,
Most recent e-commerce sites support the special character '#' in the password field.
If I set 'xss.filter.enabled=false', then customers can use the '#' special character in the password field in hybris (SAP Customer Experience).
But for security reasons, our team has to set 'xss.filter.enabled=true'.
What class or xss.filter.rule removes the '#' character from parameters?
How can I send the '#' special character to the controller when the XSS filter is on?
I'm going to try excluding a specific filter using filterConfig, but I don't know which specific filter removes the '#' character.
I have read several threads already, but I couldn't find a clear answer yet.
1. https://answers.sap.com/questions/12758960/view.html
2. https://answers.sap.com/questions/12722914/bug-in-username-login-page-hybris-version-68.html
3. https://hybrismart.com/2018/04/14/five-things-about-sap-hybris-you-probably-didnt-know/
Thank you for taking the time to read this thread :)
Have a nice weekend!