Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

AEM Text component Source Edit doesn't allow to have Id with "?"

Avatar

Level 2

Am seeing some issues with id attribute in AEM rich text editor.

 

IN RTE if i use the the following:

<h2 id="how">Hello</h2> -- Works well.

 

Second case:

 

<h2 id="how?">Hello</h2>

in source edit once you try to edit again, it becomes

<h2>Hello</h2>

 

id with "?" is not allowed it seems in Richtext, i need to allow it, as in normal html its allowed.

 

Has anyone seen this issue.

Need a Quick solution.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @ArindamPatra15 
This is disabled due to XSS protection

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/implementing/developing/int... 

 

<attribute name="id" description="The 'id' of any HTML attribute should not contain anything besides letters and numbers">
			<regexp-list>
				<regexp name="htmlId"/>
			</regexp-list>
		</attribute>

 

<regexp name="htmlId" value="[a-zA-Z0-9\:\-_\.]+"/>

To add exception, you may need to overlay /libs/cq/xssprotection/config.xml and change the htmlId regexp



Arun Patidar

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi @ArindamPatra15 
This is disabled due to XSS protection

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/implementing/developing/int... 

 

<attribute name="id" description="The 'id' of any HTML attribute should not contain anything besides letters and numbers">
			<regexp-list>
				<regexp name="htmlId"/>
			</regexp-list>
		</attribute>

 

<regexp name="htmlId" value="[a-zA-Z0-9\:\-_\.]+"/>

To add exception, you may need to overlay /libs/cq/xssprotection/config.xml and change the htmlId regexp



Arun Patidar

Avatar

Level 9

@ArindamPatra15 I would advise not to go around this XSS protection as Cross-site scripting is one of the easiest ways for bad actors to bypass access controls.

 

If you have a valid use case, try working around it to find a different way to implement rather than by working around security protocols.