Adding aria-describedby in RTE not working

Avatar

Avatar
Validate 25
Level 3
alistairp781078
Level 3

Likes

10 likes

Total Posts

96 posts

Correct reply

5 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give Back 10
Give Back 5
View profile

Avatar
Validate 25
Level 3
alistairp781078
Level 3

Likes

10 likes

Total Posts

96 posts

Correct reply

5 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give Back 10
Give Back 5
View profile
alistairp781078
Level 3

09-09-2020

I'm using the RTE in our text component and have found I cannot add an aria-describedby attribute in an a tag.

 

For example, in the RTE, I'm using the HTML editor to try to add:

 

<a href="https://www.google.com" aria-describedby="test-id">TEST</a>

 

For some reason, the aria-describedby attribute is being stripped out. Does anyone know why this might be happening and how to fix it?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

216 likes

Total Posts

181 posts

Correct reply

61 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

216 likes

Total Posts

181 posts

Correct reply

61 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile
Vaibhavi
MVP

09-09-2020

Hi @alistairp781078 

Have you checked if aria-describedby tag is whitelisted in xssprotection. 

 

AEM uses XSS (Cross Site Scriptingprotection  to prevent attackers to inject code into web pages viewed by other users, is based on AntiSamy Java library provided by OWASP. 

If the tags are not whitelisted, tags will be stripped off while rendering. 

To fix the issue, 

1.Navigate to /libs/cq/xssprotection/config.xml

2.overlay the file under apps. 

3.Add the below code. 

<tag name="a" action="validate">

    <attribute name="aria-describedby">

        <regexp-list> 

           <regexp name="anything"/>

       </regexp-list>

    </attribute>

</tag>

 

Above code will allow the  aria-describedby attribute inside anchor tag. This should fix your issue. 

 

You can refer to below documents to understand in depth. 

https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/security.html#ProtectagainstCr...

https://helpx.adobe.com/experience-manager/kb/target-attribute-issue-tag.html

Answers (0)