Adobe Experience Manager Sites & More

AEM 6.5.12.0 - Sling Models Use Pojos Anti Samy Rules for Custom Tags by Sreekanth Choudry Nalabotu

Abstract

Goal
When adding Custom Tags via Sling Models or Use Pojos, without overlaying the Anti Samy rules and add the tags in /apps/cq/xssprotection/config.xml, you should see the following in error.log...

org.apache.sling.xss.impl.XSSFilterImpl Detected policy file change (CHANGED) at /apps/cq/xssprotection/config.xml. Updating policy handler.

org.apache.sling.xss.impl.XSSFilterImpl Installed policy from /apps/cq/xssprotection/config.xml.

GET /content/home.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The tv3-tooltip tag has been filtered for security reasons. The contents of the tag will remain in place.

GET /content/home.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The span tag contained an attribute that we could not process. The slot attribute has been filtered out, but the tag is still in place. The value of the attribute was "source".



No Custom Tags in AntiSamy...

CREF Board of Trustees

Custom Tags in AntiSamy


CREF Board of Trustees

Solution
1) Create the Pojo /apps/eaem-anti-samy-model/components/basic-render-component/ExperienceAEMModel.java

package apps.eaem_anti_samy_model.components.basic_render_component;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.PostConstruct;

public class ExperienceAEMModel {
private static final Logger log = LoggerFactory.getLogger(ExperienceAEMModel.class);

public String getHtml() {
return "" +
"CREF Board of Trustees" +
"

" +
"";
}
}


2) Create the component render script /apps/eaem-anti-samy-model/components/basic-render-component/basic-render-component.html

Read Full Blog

AEM 6.5.12.0 - Sling Models Use Pojos Anti Samy Rules for Custom Tags

Q&A

Please use this thread to ask the related questions.

Kautuk Sahni