Adobe Experience Manager Sites & More

Scott

We can surely add the href attribute to xss config file and it will work. Issue is if they want all HTML tags to be allowed, we will end up updating the xss file every single time.

Is there a way to bypass this so that the xss filter does not strip the output on publisher? Or adding needed attributes to xss is the only way to do it.

Believe adding the attributes is the way to go.

In addition - we have updated Article to show use of HTML tags in a RTE that is part of a MF - see here - Adobe Experience Manager Help | Creating an AEM 6.2 HTML Template Language component that uses a Mul... (this is for AEM 6.2 - we will do the same for AEM 6.3 soon)

Worth reading:- XSS Filter issue with the target attribute of the a tag

// Copy /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml.

Open /apps/cq/xssprotection/config.xml.

In the common-attributes section, add the following target attribute declaration.

<attribute name="target>

<regexp-list>

   <regexp value="[a-zA-Z0-9-_\$]+" />

</regexp-list>

</attbribute>

ind the a tag declaration by searching the term <tag name="a".

Add the line below in the list of attributes:

<attribute name="target" />

Save the file. Now, the link will open in a new window if the option is selected.

Kautuk Sahni

Hi Techies, 

Everybody safe and good !

In Our RTE tocuhui we have custom link and it create proper <a href=''/> but while we save or check in Source Edit . Href attribute alone disappeared . We have checked the Href tag is available XSS configuration. anything we want to do.

<attribute name="href">
<regexp-list>
<regexp name="onsiteURL"/>
<regexp name="offsiteURL"/>
<regexp name="telURL"/>
</regexp-list>
</attribute>