Solved: AEM 6 SP2 | Sightly html context - Adobe Experience League Community

View profile · 15-10-2015

Hi All,

I have a sightly expression like

${"Welcome! to " @ context='html'} India - context is 'html'

and it is rendering as

Welcome! to India - without data-id attribute in span tag

expected output

Welcome! to India

But when I change the context to unsafe , same sightly is rendering as expected

${"Welcome! to " @ context='unsafe'} India - context is 'unsafe'

rendered as

Welcome! to India

I do not want to use context as unsafe, how to resolve this?

Thanks,

Radhakrishna N

View profile · 15-10-2015

The data-id attribute is getting stripped because the antisamy API used by AEM for filtering the HTML does not recognize this attribute. You can overlay the config file from /libs/cq/xssprotection/config.xml to apps as /apps/cq/xssprotection/config.xml and add the new attribute in it as mentioned below to fix this -

<common-attributes> <!-- Add the new attribute inside common-attributes tag --> <attribute name="data-id"> <regexp-list> <regexp name="anything"/> </regexp-list> </attribute> | | | <!--Find tag name="span" and the new attribute defn. --> <tag name="span" action="validate"> <attribute name="data-id"/> </tag>

View profile · 14-09-2018

For some reason this is not working for <a> tags in aem 6.4. Any other ideas?

View profile · 15-10-2015

it is more implicit, all output by Sightly is escaped via the XSS-api.

View profile · 15-10-2015

Thanks Kunal, it worked. Is it anywhere documented in Sightly documentation?

Thanks,

Radhakrishna N

AEM 6 SP2 | Sightly html context

Accepted Solutions (1)

Accepted Solutions (1)

Answers (3)

Answers (3)