
SOLVED

AEM Text component Source Edit doesn't allow to have Id with "?"


I am seeing some issues with the id attribute in the AEM rich text editor.

 

In the RTE, if I use the following:

<h2 id="how">Hello</h2> -- Works well.

 

Second case:

 

<h2 id="how?">Hello</h2>

In source edit, once you try to edit again, it becomes

<h2>Hello</h2>

 

An id with "?" is not allowed, it seems, in the rich text editor. I need to allow it, as in normal HTML it's allowed.

 

Has anyone seen this issue?

Need a quick solution.


1 Accepted Solution

Correct answer by
Community Advisor

Hi @ArindamPatra15 
This is disabled due to XSS protection

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/implementing/developing/int...

<attribute name="id" description="The 'id' of any HTML attribute should not contain anything besides letters and numbers">
	<regexp-list>
		<regexp name="htmlId"/>
	</regexp-list>
</attribute>

 

<regexp name="htmlId" value="[a-zA-Z0-9\:\-_\.]+"/>

To add an exception, you may need to overlay /libs/cq/xssprotection/config.xml and change the htmlId regexp.



Arun Patidar


2 Replies


Community Advisor

@ArindamPatra15 I would advise not to go around this XSS protection, as cross-site scripting is one of the easiest ways for bad actors to bypass access controls.

 

If you have a valid use case, try working around it to find a different way to implement rather than by working around security protocols.
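
An added example, not part of the original thread and not Adobe's or AntiSamy's code: a Python model of how the `htmlId` rule quoted in the accepted answer treats the two ids from the question, with a hypothetical helper `policy_safe_id` that derives an id the unmodified policy accepts. It assumes the regexp must match the whole value and that a failing attribute is removed, which is the behaviour the question describes.

```python
import re
from html import escape
from html.parser import HTMLParser

# Pattern copied from the htmlId rule quoted in the accepted answer.
HTML_ID = re.compile(r"[a-zA-Z0-9\:\-_\.]+")


class IdFilter(HTMLParser):
    """Re-serialises markup, dropping any id that fails the policy regexp."""

    def __init__(self, pattern=HTML_ID):
        super().__init__()
        self.pattern, self.out, self.dropped = pattern, [], []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            # Assumption: the whole value must match, else the attribute is removed.
            if name == "id" and not self.pattern.fullmatch(value or ""):
                self.dropped.append(value)
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def filter_ids(markup, pattern=HTML_ID):
    """Return (filtered markup, list of id values the policy rejected)."""
    f = IdFilter(pattern)
    f.feed(markup)
    f.close()
    return "".join(f.out), f.dropped


def policy_safe_id(text, pattern=HTML_ID):
    """Hypothetical helper: map disallowed runs to '-' so the stock policy accepts the id."""
    candidate = re.sub(r"[^a-zA-Z0-9:\-_.]+", "-", text)
    return candidate if pattern.fullmatch(candidate) else None


if __name__ == "__main__":
    for sample in ('<h2 id="how">Hello</h2>', '<h2 id="how?">Hello</h2>'):
        print(sample, "->", filter_ids(sample))
    print(policy_safe_id("how? it works"))
```

Generating ids this way at authoring time keeps anchors working without overlaying `/libs/cq/xssprotection/config.xml`.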