Expand my Community achievements bar.

SOLVED

Adding aria-describedby in RTE not working

Avatar

Level 4
Level 4
9/9/20 5:30:09 AM

I'm using the RTE in our text component and have found I cannot add an aria-describedby attribute in an a tag.

 

For example, in the RTE, I'm using the HTML editor to try to add:

 

<a href="https://www.google.com" aria-describedby="test-id">TEST</a>

 

For some reason, the aria-describedby attribute is being stripped out. Does anyone know why this might be happening and how to fix it?

Views

1.5K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
9/9/20 6:22:35 AM

Hi @alistairp781078 

Have you checked if aria-describedby tag is whitelisted in xssprotection. 

 

AEM uses XSS (Cross Site Scriptingprotection  to prevent attackers to inject code into web pages viewed by other users, is based on AntiSamy Java library provided by OWASP. 

If the tags are not whitelisted, tags will be stripped off while rendering. 

To fix the issue, 

1.Navigate to /libs/cq/xssprotection/config.xml

2.overlay the file under apps. 

3.Add the below code. 

<tag name="a" action="validate">

    <attribute name="aria-describedby">

        <regexp-list> 

           <regexp name="anything"/>

       </regexp-list>

    </attribute>

</tag>

 

Above code will allow the  aria-describedby attribute inside anchor tag. This should fix your issue. 

 

You can refer to below documents to understand in depth. 

https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/security.html#ProtectagainstCr...

https://helpx.adobe.com/experience-manager/kb/target-attribute-issue-tag.html

View solution in original post

Views

1.5K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
9/9/20 6:22:35 AM

Hi @alistairp781078 

Have you checked if aria-describedby tag is whitelisted in xssprotection. 

 

AEM uses XSS (Cross Site Scriptingprotection  to prevent attackers to inject code into web pages viewed by other users, is based on AntiSamy Java library provided by OWASP. 

If the tags are not whitelisted, tags will be stripped off while rendering. 

To fix the issue, 

1.Navigate to /libs/cq/xssprotection/config.xml

2.overlay the file under apps. 

3.Add the below code. 

<tag name="a" action="validate">

    <attribute name="aria-describedby">

        <regexp-list> 

           <regexp name="anything"/>

       </regexp-list>

    </attribute>

</tag>

 

Above code will allow the  aria-describedby attribute inside anchor tag. This should fix your issue. 

 

You can refer to below documents to understand in depth. 

https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/security.html#ProtectagainstCr...

https://helpx.adobe.com/experience-manager/kb/target-attribute-issue-tag.html

Views

1.5K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
9/10/20 1:04:08 AM
In response to Vaibhavi_J
Hey, thanks for the response. I tried this and it's worked

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Question Out of curiosity!! A asset upload in the AEM publish instance.

Views

22

Likes

0

Replies

0
Redirection is not working in Dispatcher Environment

Views

36

Likes

0

Replies

1
Multifield Rollout in AEM 6.5.20.0 on-prem

Views

47

Likes

0

Replies

1
How to migrate JTW to OAuth2 and use it in the Jenkins pipeline?

Views

70

Likes

0

Replies

3
I have a component based on show-hide in AEM. can any one help on this

Views

88

Likes

0

Replies

5