Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

AEM design importer Upload Zip Option not working after Service pack 6.5.23

Avatar

Community Advisor
Community Advisor
10/17/25 1:27:54 AM

Issue starts after AEM 6.5.23 service pack installation.

The file upload field stopped popping up on the "Upload Zip" option of design importer.
The error is due to sanitization of html which contained a non standard html attribute "coral-fileupload-select".
Is this something adobe should fix as issue is with coral fields which are used in AEM but are non standard?

Kamal_Kishor_0-1760689498654.png

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager

Views

119

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/17/25 1:38:10 AM

hi @Kamal_Kishor,

AEM's XSS protection system sanitizes HTML responses to prevent cross-site scripting attacks. The sanitization is controlled by an attribute allowlist in /libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js. Maybe after upgrading to SP 6.5.23, the coral-fileupload-select attribute is not included in this allowlist anymore, causing the file upload field to fail to render properly. 

 

Until Adobe releases an official fix, you can implement a workaround by overlaying the XSS configuration file:

  1. Overlay the XSS configuration: Copy /libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js to /apps/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js​

  2. Add the missing attribute: Locate the ADD_ATTR array and add "coral-fileupload-select" to the allowlist, similar to other coral attributes already present​

  3. Clear browser cache and restart: Clear your browser cache and restart the AEM instance to ensure the changes take effect​

 

References: 

Protect against Cross-Site Scripting (XSS) 

View solution in original post

Views

110

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
6 Replies

Avatar

Correct answer by
Level 10
Level 10
10/17/25 1:38:10 AM

hi @Kamal_Kishor,

AEM's XSS protection system sanitizes HTML responses to prevent cross-site scripting attacks. The sanitization is controlled by an attribute allowlist in /libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js. Maybe after upgrading to SP 6.5.23, the coral-fileupload-select attribute is not included in this allowlist anymore, causing the file upload field to fail to render properly. 

 

Until Adobe releases an official fix, you can implement a workaround by overlaying the XSS configuration file:

  1. Overlay the XSS configuration: Copy /libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js to /apps/granite/ui/components/coral/foundation/clientlibs/foundation/js/xss/xss.js​

  2. Add the missing attribute: Locate the ADD_ATTR array and add "coral-fileupload-select" to the allowlist, similar to other coral attributes already present​

  3. Clear browser cache and restart: Clear your browser cache and restart the AEM instance to ensure the changes take effect​

 

References: 

Protect against Cross-Site Scripting (XSS) 

Views

111

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
10/17/25 5:02:01 AM
In response to giuseppebaglio

@giuseppebaglio : thank you for your inputs. I do not see "coral-fileupload-select" in AEM 6.5.23
Adding this would probably resolve our issue.

I am wondering if this should be fixed from adobe through a hotfix for 6.5.23 or we need to custom fix this for all such instances.
thanks.

Kamal_Kishor_1-1760702486637.png

 

 

Views

80

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
10/17/25 5:45:08 AM
In response to Kamal_Kishor

I believe the best course of action is to open a support ticket with Adobe regarding this issue. You can also inquire if my suggestion could serve as a temporary workaround until/if they will release a patch.

Views

61

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
10/17/25 6:46:45 AM
In response to giuseppebaglio

@giuseppebaglio : Your suggestions does work for us. And we are in the process if raising a support ticket with adobe as well.

thank you.

Views

46

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
10/17/25 5:37:49 AM

Hi @Kamal_Kishor ,

 

This issue should ideally be fixed by Adobe via an official hotfix rather than a custom change.

After AEM 6.5.23, stricter HTML sanitization removed non-standard attributes like coral-fileupload-select, which are used internally by Coral UI. As a result, the Design Importer’s “Upload Zip” dialog no longer opens because the attribute required by the file upload field is missing.

Since this attribute is part of Adobe’s Coral UI, the issue is a regression in the service pack, not a problem in your code. The correct approach is to log a support ticket with Adobe for a patch.

Temporary client-side workarounds (e.g., re-adding the attribute via JavaScript) are possible but not recommended for production.

In short, this is a product-level issue introduced in 6.5.23, and Adobe should provide an official fix.

 

Thanks & Regards,

Vishal

Views

68

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
10/17/25 6:47:47 AM
In response to VishalKa5

@VishalKa5 : Thank you for your response. This does help us with our future course of action. We are in the process of raising a support ticket with Adobe. thanks.

Views

40

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Meta Translation Functions Not Active For Custom Translator Connector

Views

41

Likes

0

Replies

1
AEM cloud dispatcher farm files

Views

101

Like

1

Replies

3
AEM User Group Kickoff Meeting - October 22!

Views

46

Likes

0

Replies

0
How to implement Radio Button Show/Hide for Variations in AEM Dialog

Views

100

Likes

0

Replies

2
AEM Managed Location Maps

Views

69

Likes

0

Replies

1