AEM 6 SP2 | Sightly html context | Community
Radha_Krishna_N
Level 3
October 16, 2015
Solved

AEM 6 SP2 | Sightly html context


Hi All,

I have a Sightly expression like

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='html'} India</span></p> - context is 'html'

and it is rendering as 

<p>Welcome! to  <span class="test"></span> India</span></p> - without data-id attribute in span tag

expected output 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p>

But when I change the context to unsafe, the same Sightly is rendering as expected

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='unsafe'} India</span></p> - context is 'unsafe'

rendered as 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p> 

I do not want to use the unsafe context. How can I resolve this?

 

Thanks,

Radhakrishna N


4 replies

Kunal_Gaba_
Accepted solution
October 16, 2015

The data-id attribute is getting stripped because the AntiSamy API used by AEM for filtering the HTML does not recognize this attribute. You can overlay the config file from /libs/cq/xssprotection/config.xml to apps as /apps/cq/xssprotection/config.xml and add the new attribute in it as shown below to fix this:

<common-attributes>
    <!-- Add the new attribute inside common-attributes tag -->
    <attribute name="data-id">
        <regexp-list>
            <regexp name="anything"/>
        </regexp-list>
    </attribute>
|
|
|
<!--Find tag name="span" and the new attribute defn. -->
<tag name="span" action="validate">
    <attribute name="data-id"/>
</tag>

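Added example, not part of the original thread and not AEM's or AntiSamy's own code: a simplified Python model of allowlist attribute filtering, run on the question's markup, showing why `data-id` is dropped until the policy both defines the attribute and lists it on `span`, and how a tighter value pattern compares with a match-everything one. The policy text, the `DATA_ID_RX` placeholder, the pattern `[A-Za-z0-9_-]{1,32}` and the use of `.*` to stand in for the answer's `anything` regexp are assumptions; the real filter handles many more cases than this model.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Constructed, trimmed-down policy in the shape of the answer's fragment (not AEM's file).
POLICY = r"""<anti-samy-rules><common-attributes>
  <attribute name="class"><regexp-list><regexp value="[\w -]+"/></regexp-list></attribute>
  <attribute name="data-id"><regexp-list><regexp value="DATA_ID_RX"/></regexp-list></attribute>
</common-attributes><tag-rules>
  <tag name="p" action="validate"/>
  <tag name="span" action="validate"><attribute name="class"/><attribute name="data-id"/></tag>
</tag-rules></anti-samy-rules>"""
MARKUP = "<p>Welcome! to <span class='test' data-id='testId'> India</span></p>"  # from the question

def policy(data_id_rx=None):
    # None: span does not list data-id (the situation in the question); else set its pattern.
    if data_id_rx is None:
        return POLICY.replace('<attribute name="data-id"/>', "")
    return POLICY.replace("DATA_ID_RX", data_id_rx)

def load_policy(xml_text):
    root = ET.fromstring(xml_text)
    common = {a.get("name"): [re.compile(r.get("value")) for r in a.iter("regexp")]
              for a in root.find("common-attributes")}
    return {t.get("name"): {a.get("name"): common[a.get("name")] for a in t.findall("attribute")}
            for t in root.iter("tag")}

class AllowlistFilter(HTMLParser):
    def __init__(self, tags):
        super().__init__(convert_charrefs=True)
        self.tags, self.out = tags, []
    def handle_starttag(self, tag, attrs):
        rules = self.tags.get(tag)
        if rules is None:
            return  # tag not in the policy: dropped in this model, its text is kept
        kept = [(k, v or "") for k, v in attrs  # keep only listed attributes whose
                if any(rx.fullmatch(v or "") for rx in rules.get(k, []))]  # whole value matches
        self.out.append(f"<{tag}" + "".join(f' {k}="{escape(v)}"' for k, v in kept) + ">")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in self.tags else "")
    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(markup, policy_text):
    f = AllowlistFilter(load_policy(policy_text))
    f.feed(markup)
    f.close()  # flush any buffered text
    return "".join(f.out)
```

`sanitize(MARKUP, policy())` reproduces the output reported in the question, and `sanitize(MARKUP, policy(".*"))` keeps `data-id` with any value. With `policy(r"[A-Za-z0-9_-]{1,32}")`, `testId` is kept but a value outside that pattern is removed, which is the safer choice when client-side script later reads the attribute.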
Radha_Krishna_N
Level 3
October 16, 2015

Thanks Kunal, it worked. Is it documented anywhere in the Sightly documentation?

Thanks,

Radhakrishna N

Feike_Visser1
Adobe Employee
October 16, 2015

It is more implicit: all output by Sightly is escaped via the XSS-api.

Level 2
September 15, 2018

For some reason this is not working for <a> tags in AEM 6.4. Any other ideas?