SOLVED

AEM 6 SP2 | Sightly html context

Level 4

Hi All,

I have a Sightly expression like

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='html'} India</span></p> - context is 'html'

and it is rendering as 

<p>Welcome! to  <span class="test"></span> India</span></p> - without data-id attribute in span tag

expected output 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p>

But when I change the context to unsafe, the same Sightly expression renders as expected

<p>${"Welcome! to <span class='test' data-id='testId'>" @ context='unsafe'} India</span></p> - context is 'unsafe'

rendered as 

<p>Welcome! to  <span class='test' data-id='testId'> India</span></p> 

I do not want to use the unsafe context. How can I resolve this?

Thanks,

Radhakrishna N

1 Accepted Solution

Correct answer by
Employee Advisor

The data-id attribute is getting stripped because the AntiSamy API used by AEM for filtering the HTML does not recognize this attribute. You can overlay the config file from /libs/cq/xssprotection/config.xml to apps as /apps/cq/xssprotection/config.xml and add the new attribute in it as mentioned below to fix this:

<common-attributes>
  <!-- Add the new attribute inside common-attributes tag -->
  <attribute name="data-id">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  |
  |
  |
<!--Find tag name="span" and the new attribute defn. -->
<tag name="span" action="validate">
  <attribute name="data-id"/>
</tag>
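An added example, not part of the original answer and not AEM or AntiSamy code: a simplified Python model of the allowlist filtering the answer describes, showing why data-id is dropped under the default rules and kept once an overlay lists it. The policy dictionaries, the names `AllowlistFilter` and `filter_html`, and the tighter data-id pattern (a constructed alternative to the `anything` regexp) are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policies modelling the idea behind /apps/cq/xssprotection/config.xml:
# tag -> {attribute: regex the value must fully match}. Not the real AntiSamy rules.
DEFAULT_POLICY = {"p": {}, "span": {"class": r"[\w\- ]+"}}
OVERLAY_ANYTHING = {"p": {}, "span": {"class": r"[\w\- ]+", "data-id": r".*"}}
OVERLAY_STRICT = {"p": {}, "span": {"class": r"[\w\- ]+",
                                    "data-id": r"[A-Za-z0-9_\-]{1,64}"}}


class AllowlistFilter(HTMLParser):
    """Re-emits markup, keeping only tags and attributes the policy allows."""

    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy = policy
        self.out = []

    def handle_starttag(self, tag, attrs):
        allowed = self.policy.get(tag)
        if allowed is None:
            return  # tag not in the policy: drop the tag, keep its text
        kept = [
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in allowed and re.fullmatch(allowed[name], value or "", re.S)
        ]
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.policy:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def filter_html(markup, policy):
    parser = AllowlistFilter(policy)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed inputs: the fragment from the question, and a value that is not an id.
QUESTION = "<p>Welcome! to <span class='test' data-id='testId'> India</span></p>"
UNEXPECTED = "<span data-id='not an id &amp; more'>hi</span>"
```

With the `anything`-style rule the unexpected value passes through to the page (attribute-escaped); the strict rule drops the attribute instead.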

4 Replies

Level 4

Thanks Kunal, it worked. Is it documented anywhere in the Sightly documentation?

Thanks,

Radhakrishna N

Employee

It is more implicit; all output by Sightly is escaped via the XSS API.

Level 2

For some reason this is not working for <a> tags in AEM 6.4. Any other ideas?