Hi All
I have a requirement where I need to add a property in the below format for a tel: attribute as phone number in a tag for RTE. Note :- tel: prefix is enabled in Day CQ Link Checker Service, so normal tel: numbers will work fine.
format :- tel:${someproperty['value']}
The issues I am facing are below.
Issue 1) I need to add something like above as the tel: value in the RTE .
When I add this, I need this to be visible in my href in the HTML. This works fine when I use @CONTEXT="unsafe" , but I don't want to go that route yet. It might be my last resort.
While using @CONTEXT="unsafe"
While using @CONTEXT='html'
What I have done?
1. Added the below regex to /apps/cq/xssprotection/config.xml
2. Added this to href attribute
Even restarted the instance . Still I am not getting the property rendered in the HTML. I might be missing something here. Any help is appreciated .
TIA
Veena
Solved! Go to Solution.
Views
Replies
Total Likes
Hi Veena
It seems you are planning to read the value from resourceMap but It may not work because of encoded values stores in CRX. e.g.
<p><a href="tel:${someproperty['value']}" target="Target">link</a></p>
you may be able to get through with XSS issue by changing xssconfig file or using context unsafe.
I would suggest writing a logic at backend java to decode tel URL and return the actual value along with text e.g. tel:+491520000000
Thanks
Arun
Hi Veena
It seems you are planning to read the value from resourceMap but It may not work because of encoded values stores in CRX. e.g.
<p><a href="tel:${someproperty['value']}" target="Target">link</a></p>
you may be able to get through with XSS issue by changing xssconfig file or using context unsafe.
I would suggest writing a logic at backend java to decode tel URL and return the actual value along with text e.g. tel:+491520000000
Thanks
Arun
Views
Replies
Total Likes
Views
Replies
Total Likes
Views
Replies
Total Likes
Views
Replies
Total Likes
Could you go to "Apache Sling XSS Filter" configuration using configMgr and open and save it
Once done, go to error.log file and check if there is any error related to XSS in updated rules from XSS file.
Views
Replies
Total Likes
I think you should create a seperate log file with debug log level for the following package:
com.adobe.granite.xss
com.day.cq.xss
com.day.cq.xss.taglib
org.apache.sling.xss
This can help you to get the better picture.
Views
Replies
Total Likes
Have you tried adding htmlrules as a sibling to your rteplugin node.
<htmlRules jcr:primaryType="nt:unstructured">
<links jcr:primaryType="nt:unstructured"
ensureInternalLinkExt="{Boolean}false"
protocols="[http://,https://,mailto:,tel:]"/>
<docType jcr:primaryType="nt:unstructured">
<typeConfig jcr:primaryType="nt:unstructured"
useSemanticMarkup="{Boolean}true"/>
</docType>
</htmlRules>
Views
Replies
Total Likes
By any chance did you get a fix for
this ??
Thanks in advance,
kiran
Views
Replies
Total Likes