How can I send '#' special character to the controller when xss filter is on?

Dear Experts,

Most recent e-commerce sites support the special character '#' in the password field.

If I set 'xss.filter.enabled=false', then customers can use the '#' special character in the password field in hybris (SAP Customer Experience).

But for security reasons, our team has to set 'xss.filter.enabled=true'.

What class or xss.filter.rule removes the '#' character from parameters?

How can I send the '#' special character to the controller when the xss filter is on?

I'm going to try excluding a specific filter using filterConfig, but I don't know what specific filter removes the '#' character.

I have read several threads already, but I couldn't find a clear answer yet.

1. https://answers.sap.com/questions/12758960/view.html

2. https://answers.sap.com/questions/12722914/bug-in-username-login-page-hybris-version-68.html

3. https://hybrismart.com/2018/04/14/five-things-about-sap-hybris-you-probably-didnt-know/

Thank you for taking the time to read this thread 🙂

Have a nice weekend!

Accepted Solutions (0)

Answers (1)

I found a clue in another question.

https://answers.sap.com/questions/12768653/hashtag-in-passoword.html

I commented out xss.filter.rule.javascript2=(?i)\\u0023 and the '#' character in the password worked fine.
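
An added example, not part of the original thread and not SAP's code: a small Java probe that loads xss.filter.rule.* entries the way a properties file is read and reports which rule alters a given parameter value. It assumes the filter deletes every match of each rule's regex from the value; the class name XssRuleProbe, the rule xss.filter.rule.demo and the sample password are constructed for illustration, and only the javascript2 rule comes from the answer above.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;
import java.util.regex.Pattern;

public class XssRuleProbe {
    // Constructed sample of properties content. Only the javascript2 rule is quoted
    // from the thread; xss.filter.rule.demo is a made-up placeholder rule.
    // The doubled backslash is what the properties file itself contains.
    static final String SAMPLE = String.join("\n",
        "xss.filter.enabled=true",
        "xss.filter.rule.demo=(?i)<script[^>]*>",
        "xss.filter.rule.javascript2=(?i)\\\\u0023");

    // Returns rule name -> filtered value, for every rule that changes the input.
    // Assumption: the filter removes each regex match from the parameter value.
    static Map<String, String> rulesThatAlter(Properties props, String value) {
        Map<String, String> hits = new LinkedHashMap<>();
        for (String key : new TreeSet<>(props.stringPropertyNames())) {
            if (!key.startsWith("xss.filter.rule.")) {
                continue; // skip switches such as xss.filter.enabled
            }
            // Properties.load has already unescaped the doubled backslash, so the
            // regex engine sees a single-backslash unicode escape for '#'.
            Pattern rule = Pattern.compile(props.getProperty(key));
            String stripped = rule.matcher(value).replaceAll("");
            if (!stripped.equals(value)) {
                hits.put(key, stripped);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(SAMPLE));
        String password = "Pa#ss#w0rd"; // constructed test value
        rulesThatAlter(props, password).forEach((rule, out) ->
            System.out.println(rule + " turns \"" + password + "\" into \"" + out + "\""));
    }
}
```

Pointing the loader at the project's effective properties instead of SAMPLE shows every rule that would rewrite a value, which identifies the rule responsible before anything is commented out.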