AEM Text component Source Edit doesn't allow to have Id with "?" | Community
August 28, 2024
Solved


I am seeing some issues with the id attribute in the AEM rich text editor.

In the RTE, if I use the following:

<h2 id="how">Hello</h2> -- Works well.

Second case:

<h2 id="how?">Hello</h2>

In source edit, once you try to edit again, it becomes

<h2>Hello</h2>

An id with "?" is not allowed, it seems, in Richtext. I need to allow it, as in normal HTML it's allowed.

Has anyone seen this issue?

Need a quick solution.

arunpatidar
Community Advisor, Accepted solution
August 28, 2024

Hi @arindampatra15,
This is disabled due to XSS protection:

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/implementing/developing/introduction/security#protect-against-cross-site-scripting-xss

<attribute name="id" description="The 'id' of any HTML attribute should not contain anything besides letters and numbers">
  <regexp-list>
    <regexp name="htmlId"/>
  </regexp-list>
</attribute>

<regexp name="htmlId" value="[a-zA-Z0-9\:\-_\.]+"/>

To add an exception, you may need to overlay /libs/cq/xssprotection/config.xml and change the htmlId regexp.

Arun Patidar
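
The following is an added example, not part of the original replies and not Adobe's code. It runs the htmlId pattern quoted above against sample ids and audits a candidate overlay pattern before it goes into config.xml. It assumes the filter requires the whole attribute value to match, uses Python's `re` as a stand-in for the Java regex engine, and the widened pattern, function names and sample ids are hypothetical.

```python
import re

# htmlId pattern quoted in the answer above.
DEFAULT_HTML_ID = r"[a-zA-Z0-9\:\-_\.]+"
# Hypothetical overlay value: the same class widened by "?" only (assumption).
WIDENED_HTML_ID = r"[a-zA-Z0-9\:\-_\.\?]+"

# Constructed set of characters that can end or restructure an attribute
# value; an id pattern should keep rejecting every one of them.
BREAKOUT_CHARS = ['"', "'", "<", ">", "`", "=", "&", " ", "\t", "\n"]


def id_allowed(value: str, pattern: str) -> bool:
    """True if the whole value matches the pattern (assumed filter behaviour)."""
    return re.fullmatch(pattern, value) is not None


def admitted_breakout_chars(pattern: str) -> list[str]:
    """Return the breakout characters a pattern would let through in an id."""
    return [c for c in BREAKOUT_CHARS if id_allowed("a" + c + "b", pattern)]


def review(pattern: str, wanted_ids: list[str]) -> dict:
    """Summarise a candidate pattern: which wanted ids pass, what leaks."""
    return {
        "accepted": [v for v in wanted_ids if id_allowed(v, pattern)],
        "rejected": [v for v in wanted_ids if not id_allowed(v, pattern)],
        "breakout": admitted_breakout_chars(pattern),
    }


if __name__ == "__main__":
    ids = ["how", "how?", "section-1.2", "a:b_c"]  # constructed samples
    for name, pat in [("default", DEFAULT_HTML_ID),
                      ("widened", WIDENED_HTML_ID),
                      ("too broad", r".+")]:
        print(name, review(pat, ids))
```

A pattern whose "breakout" list is non-empty should not be deployed; the narrowly widened class keeps that list empty while accepting "how?".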
gkalyan
Community Advisor and Adobe Champion
August 28, 2024

@arindampatra15 I would advise not to go around this XSS protection, as cross-site scripting is one of the easiest ways for bad actors to bypass access controls.

 

If you have a valid use case, try working around it to find a different way to implement rather than by working around security protocols.