AEM 6 SP2 | Sightly html context

Radha_Krishna_N

15-10-2015

Hi All,

I have a Sightly expression like

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='html'} India</span></p> - context is 'html'

and it is rendering as 

<p>Welcome! to  <span class="test"></span> India</span></p> - without data-id attribute in span tag

expected output 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p>

But when I change the context to unsafe, the same Sightly expression renders as expected

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='unsafe'} India</span></p> - context is 'unsafe'

rendered as 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p> 

I do not want to use the unsafe context. How can I resolve this?

Thanks,

Radhakrishna N

Accepted Solutions (1)

kunal23

MVP

15-10-2015

The data-id attribute is getting stripped because the AntiSamy API used by AEM for filtering the HTML does not recognize this attribute. You can overlay the config file from /libs/cq/xssprotection/config.xml to apps as /apps/cq/xssprotection/config.xml and add the new attribute in it as mentioned below to fix this:

<common-attributes>
    <!-- Add the new attribute inside common-attributes tag -->
    <attribute name="data-id">
        <regexp-list>
            <regexp name="anything"/>
        </regexp-list>
    </attribute>
|
|
|
<!-- Find tag name="span" and add the new attribute defn. -->
<tag name="span" action="validate">
    <attribute name="data-id"/>
</tag>
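A small model of the allowlist lookup described in the accepted answer, as an added example that is not part of the original thread or AEM's code: it shows that the attribute has to be both defined under common-attributes and referenced from the span tag rule, and how a narrower pattern compares with `anything`. The policy text, the `dataId` and `htmlClass` patterns, the definition of `anything` as `.*`, and the function names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, minimal AntiSamy-style policy; not AEM's shipped config.xml.
# "dataId" is a hypothetical, narrower alternative to the "anything" pattern.
OVERLAY = """<anti-samy-rules>
  <common-regexps>
    <regexp name="anything" value=".*"/>
    <regexp name="htmlClass" value="[A-Za-z0-9 ,_-]+"/>
    <regexp name="dataId" value="[A-Za-z0-9_-]{1,64}"/>
  </common-regexps>
  <common-attributes>
    <attribute name="class"><regexp-list><regexp name="htmlClass"/></regexp-list></attribute>
    <attribute name="data-id"><regexp-list><regexp name="dataId"/></regexp-list></attribute>
  </common-attributes>
  <tag-rules>
    <tag name="span" action="validate">
      <attribute name="class"/>
      <attribute name="data-id"/>
    </tag>
  </tag-rules>
</anti-samy-rules>"""
# Variant without the span-level reference: data-id is defined but not allowed on <span>.
NO_TAG_REF = OVERLAY.replace('<attribute name="data-id"/>', "")
# Variant using the catch-all pattern instead of the narrower one.
LOOSE = OVERLAY.replace('<regexp name="dataId"/>', '<regexp name="anything"/>')

def patterns(policy, tag, attr):
    """Regexes a tag/@attr value must match, or None if the attribute is not allowed."""
    root = ET.fromstring(policy)
    named = {r.get("name"): r.get("value") for r in root.findall("common-regexps/regexp")}
    rule = root.find(f"tag-rules/tag[@name='{tag}']/attribute[@name='{attr}']")
    if rule is not None and rule.find("regexp-list") is None:
        # A bare <attribute name=.../> refers to the common-attributes definition.
        rule = root.find(f"common-attributes/attribute[@name='{attr}']")
    if rule is None:
        return None
    return [r.get("value") or named[r.get("name")] for r in rule.findall("regexp-list/regexp")]

def kept(policy, tag, attr, value):
    """True if the filter modelled here would keep attr="value" on <tag>."""
    pats = patterns(policy, tag, attr)
    return bool(pats) and any(re.fullmatch(p, value) for p in pats)

if __name__ == "__main__":
    for name, pol in [("no tag ref", NO_TAG_REF), ("narrow", OVERLAY), ("catch-all", LOOSE)]:
        print(name, [kept(pol, "span", "data-id", v) for v in ("testId", "a b <c>")])
```

The model covers only named and inline regexps in common-attributes and tag-rules; literal lists and global tag attributes are left out.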

Answers (3)

notyourcat

14-09-2018

For some reason this is not working for <a> tags in AEM 6.4. Any other ideas?

Feike_Visser1

Employee

15-10-2015

It is more implicit: all output by Sightly is escaped via the XSS API.

Radha_Krishna_N

15-10-2015

Thanks Kunal, it worked. Is it documented anywhere in the Sightly documentation?

Thanks,

Radhakrishna N