Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Include accessibility-related attributes in XSSProtection configuration

Avatar

NicolásMu
Level 1

10/14/25

Resumen de la solicitud de mejora de funciones (RFE): Currently, AEM’s XSSProtection configuration (/libs/cq/xssprotection/config.xml) does not allow several accessibility-related attributes such as aria-label, aria-hidden, role, and tabindex.
We propose including these attributes by default in the configuration to improve accessibility support and reduce the need for overlays or custom configurations.
Caso de uso:

Developers using HTL expressions like:

${property @ context='html'}

cannot render accessibility attributes defined in component properties, since they are filtered by the XSSProtection mechanism. This limits the ability to build fully accessible components following WCAG and ARIA standards.
Comportamiento actual/experimentado: When rendering properties that contain ARIA or accessibility-related attributes, these attributes are removed by XSSProtection because they are not listed in config.xml. The only current workaround is to overlay /libs/cq/xssprotection/config.xml into /apps, which may cause maintenance issues with future updates.
Comportamiento mejorado/esperado: AEM should include the attributes aria-label, aria-hidden, role, and tabindex (and potentially other accessibility-related attributes) in the default XSSProtection configuration, allowing them to be safely rendered through HTL without requiring overlay.
Detalles del entorno (versión de AEM, Service Pack y cualquier otra especificación, si corresponde):

AEM as a Cloud Service 

Issue reproducible in both Author and Publish environments.

Core Components and custom components affected.
Nombre del cliente o de la organización: TELEFONICA ESPANA 
Captura de pantalla (si corresponde): N/A
Paquete de código (si corresponde) Not required – issue reproducible with any component rendering an HTL property with @CONTEXT='html' containing ARIA attributes.
Reply
Related Conversations
Do not open Page Properties in fullscreen

Views

13

Likes

0

Replies

0
Ability to search for images in the “Pick Image” window (Image component)

Views

32

Likes

0

Replies

0
Feature to define a pipeline timeout in Cloud Manager

Views

38

Likes

0

Replies

0
Enable Programmatic Extension of Content Fragment GraphQL Schema in AEM

Views

103

Likes

0

Replies

1
In Cloud Manager, sort Pipelines alphabetically

Views

318

Like

1

Replies

1