Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

AEM- How to make href to accept custom tel: tags ?

Avatar

Community Advisor

Hi All

 

   I have a requirement where I need to add a property in the below format for a tel: attribute as phone number in a tag for RTE. Note :- tel: prefix is enabled in Day CQ Link Checker Service, so normal tel: numbers will work fine. 

 

format :- tel:${someproperty['value']} 

 

 The issues I am facing are below. 

Issue 1) I need to add something like above as the tel: value in the RTE . 

tel.JPG

 

 

 

 

 

When I add this, I need this to be visible in my href in the HTML. This works fine when I use @CONTEXT="unsafe" , but I don't want to go that route yet. It might be my last resort. 

While using @CONTEXT="unsafe" 

tel-unsafe.JPG

 

 

 

 

 

 

While using @CONTEXT='html'

tel-html.JPG

 

 

 

 

 

 

 

 

What I have done? 

 

1. Added the below regex to /apps/cq/xssprotection/config.xml

tel1.JPG

 

2. Added this to href attribute

tel2.JPG

Even restarted the instance . Still I am not getting the property rendered in the HTML. I might be missing something here. Any help is appreciated . 

 

TIA
Veena

 

 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi Veena

It seems you are planning to read the value from resourceMap but It may not work because of encoded values stores in CRX. e.g. 

<p><a href="tel:${someproperty[&#39;value&#39;]}" target="Target">link</a></p>

you may be able to get through with XSS issue by changing xssconfig file or using context unsafe.

 

I would suggest writing a logic at backend java to decode tel URL and return the actual value along with text e.g. tel:+491520000000

 

 

Thanks

Arun

 

 

 



Arun Patidar

View solution in original post

11 Replies

Avatar

Correct answer by
Community Advisor

Hi Veena

It seems you are planning to read the value from resourceMap but It may not work because of encoded values stores in CRX. e.g. 

<p><a href="tel:${someproperty[&#39;value&#39;]}" target="Target">link</a></p>

you may be able to get through with XSS issue by changing xssconfig file or using context unsafe.

 

I would suggest writing a logic at backend java to decode tel URL and return the actual value along with text e.g. tel:+491520000000

 

 

Thanks

Arun

 

 

 



Arun Patidar

Avatar

Community Advisor
@arunpatidar Actually I don't want to print the phone numbers . Another system will read my HTML and replace these properties. So my tel: should have a value something like tel:${someproperty['value']} . Also one thing is correct it is getting saved encoded and when I use unsafe I might have to decode and print it. But I wanted to check if there is any other way other than using unsafe.!?

Avatar

Community Advisor
Hi, Unsafe will not decode the value , in HTML source you will see the encoded value and your 3rd party/consumer has to decode.


Arun Patidar

Avatar

Community Advisor
@veena, I agree with Arun. If it is possible to map, just try to make it a simple static string in href="tel:othersystemvariable", do the logic from other system.

Avatar

Community Advisor
I used server side JS to decode the href. But the issue I faced after that was , the value was not getting retained in the dialog. It was getting removed. So I had to remove my approach of using RTE

Avatar

Community Advisor

Hi @VeenaVikraman 

 

Could you go to "Apache Sling XSS Filter" configuration using configMgr and open and save it

Once done, go to error.log file and check if there is any error related to XSS in updated rules from XSS file.

Avatar

Community Advisor

Hi @VeenaVikraman 

 

I think you should create a seperate log file with debug log level for the following package:
com.adobe.granite.xss
com.day.cq.xss
com.day.cq.xss.taglib
org.apache.sling.xss

This can help you to get the better picture.

 

 

Avatar

Employee Advisor

Have you tried adding htmlrules as a sibling to your rteplugin node.

 

 

<htmlRules jcr:primaryType="nt:unstructured">
 <links jcr:primaryType="nt:unstructured"
   ensureInternalLinkExt="{Boolean}false"
   protocols="[http://,https://,mailto:,tel:]"/>
 <docType jcr:primaryType="nt:unstructured">
   <typeConfig jcr:primaryType="nt:unstructured"
    useSemanticMarkup="{Boolean}true"/>
 </docType>
</htmlRules>

 

 

Avatar

Community Advisor
@Nirmal_Jose tel: works for me normally. I am having issue only with the above pattern I am trying to input in the tag

Avatar

Level 1

By any chance did you get a fix for

this ?? 

Thanks in advance, 

kiran