| Request for Feature Enhancement (RFE) Summary: |
Currently, AEM’s XSSProtection configuration (/libs/cq/xssprotection/config.xml) does not allow several accessibility-related attributes such as aria-label, aria-hidden, role, and tabindex. We propose including these attributes by default in the configuration to improve accessibility support and reduce the need for overlays or custom configurations. |
| Use case: |
Developers using HTL expressions like:
${property @ context='html'}
cannot render accessibility attributes defined in component properties, since they are filtered by the XSSProtection mechanism. This limits the ability to build fully accessible components following WCAG and ARIA standards.
|
| Current/experienced behavior: |
When rendering properties that contain ARIA or accessibility-related attributes, these attributes are removed by XSSProtection because they are not listed in config.xml. The only current workaround is to overlay /libs/cq/xssprotection/config.xml into /apps, which may cause maintenance issues with future updates. |
| Improved/expected behavior: |
AEM should include the attributes aria-label, aria-hidden, role, and tabindex (and potentially other accessibility-related attributes) in the default XSSProtection configuration, allowing them to be safely rendered through HTL without requiring an overlay. |
| Environment details (AEM version, Service Pack, and any other specifics, if applicable): |
AEM as a Cloud Service
Issue reproducible in both Author and Publish environments.
Core Components and custom components affected.
|
| Customer or organization name: |
TELEFONICA ESPANA |
| Screenshot (if applicable): |
N/A |
| Code package (if applicable): |
Not required – issue reproducible with any component rendering an HTL property with @ context='html' containing ARIA attributes. |
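
The overlay workaround described in this request, sketched as an added example (not part of the original post and not Adobe's shipped configuration). It assumes config.xml follows the OWASP AntiSamy policy schema; the value patterns and the list of roles are illustrative and constrain each attribute to the values it needs rather than allowing arbitrary content.

```xml
<!-- Added illustration for an overlay of /libs/cq/xssprotection/config.xml under /apps.
     Assumption: the file uses the OWASP AntiSamy policy schema.
     Only the accessibility-related additions are shown. -->
<anti-samy-rules>
  <!-- existing directives, common-regexps, tag-rules and css-rules stay unchanged -->

  <common-attributes>
    <!-- Free-text label: illustrative pattern, no angle brackets, bounded length -->
    <attribute name="aria-label">
      <regexp-list>
        <regexp value="[^&lt;&gt;]{0,200}"/>
      </regexp-list>
    </attribute>

    <!-- Boolean state: accept only the two literal values -->
    <attribute name="aria-hidden">
      <literal-list>
        <literal value="true"/>
        <literal value="false"/>
      </literal-list>
    </attribute>

    <!-- Illustrative subset of WAI-ARIA roles; extend to what the components use -->
    <attribute name="role">
      <literal-list>
        <literal value="button"/>
        <literal value="navigation"/>
        <literal value="main"/>
        <literal value="dialog"/>
        <literal value="alert"/>
        <literal value="presentation"/>
      </literal-list>
    </attribute>

    <!-- Integer only, optional leading minus (illustrative bound of four digits) -->
    <attribute name="tabindex">
      <regexp-list>
        <regexp value="-?[0-9]{1,4}"/>
      </regexp-list>
    </attribute>
  </common-attributes>

  <!-- Permit the attributes defined above on every allowed tag -->
  <global-tag-attributes>
    <attribute name="aria-label"/>
    <attribute name="aria-hidden"/>
    <attribute name="role"/>
    <attribute name="tabindex"/>
  </global-tag-attributes>
</anti-samy-rules>
```

After deploying such an overlay, render a property that carries one of these attributes alongside an event-handler attribute such as onclick and confirm that only the accessibility attribute survives filtering.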