Dear Experts,
Most recent e-commerce sites support the special character '#' in the password field.
If I set 'xss.filter.enabled=false', then customers can use the '#' special character in the password field in hybris (SAP Customer Experience).
But for security reasons, our team have to set 'xss.filter.enabled=true'.
What class or xss.filter.rule removes the '#' character from parameters?
How can I send the '#' special character to the controller when the xss filter is on?
I'm going to try excluding a specific filter using filterConfig, but I don't know which specific filter removes the '#' character.
I have read several threads already, but I couldn't find a clear answer yet.
Thank you for taking the time to read this thread :)
Have a nice weekend!