Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Alt text issue in links in RTE when alt text has a special character

Avatar

Level 2

Hi All,

In AEM 6.3 when i am trying to add special character in alt text field for a link in RTE, the hover functionality stops working and I don't see any alt text.When I have inspected <a> tag, I found that the title attribute from <a> tag is completely removed due to special character.Is there any way I can add special characters like '?',copyright in alt text.To render the RTE content to page I am using context as 'html' .

Thanks in advance.

1 Accepted Solution

Avatar

Correct answer by
Level 7

Hi,

Instead of using @ context = 'unsafe', it's good to use AntiSamy configuration file in CRXDE light to handle your use-case.

We've tested your use-case and it got resolved after following the below steps:

1) Copy /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml.

2) Open /apps/cq/xssprotection/config.xml.

3) In the config.xml file, search for common-attributes and add the following target attribute declaration.

<attribute name="title">

     <regexp-list>

           <regexp value="[a-zA-Z0-9-_\$]+" />

      </regexp-list>

</attbribute>

4) Search for the term <tag name="a" in the config.xml file.

5) Add the line below in the list of attributes:

<attribute name="title" />

6) Save the file. Now, test your use-case and the issue should be resolved.

Sample output:

xss-output.png

You can also find above steps in adobe helpx docs:

XSS Filter issue with the target attribute of the a tag

Hope this helps!

Regards,

TechAspect Solutions

View solution in original post

5 Replies

Avatar

Level 10

I do not think Special chars are supported in this use case.

Avatar

Level 2

Is there any other way we can use special characters in alt text without using context as unsafe.

Avatar

Level 10

NOt that I am aware of. I avoid using special chars as much as possible,

Avatar

Correct answer by
Level 7

Hi,

Instead of using @ context = 'unsafe', it's good to use AntiSamy configuration file in CRXDE light to handle your use-case.

We've tested your use-case and it got resolved after following the below steps:

1) Copy /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml.

2) Open /apps/cq/xssprotection/config.xml.

3) In the config.xml file, search for common-attributes and add the following target attribute declaration.

<attribute name="title">

     <regexp-list>

           <regexp value="[a-zA-Z0-9-_\$]+" />

      </regexp-list>

</attbribute>

4) Search for the term <tag name="a" in the config.xml file.

5) Add the line below in the list of attributes:

<attribute name="title" />

6) Save the file. Now, test your use-case and the issue should be resolved.

Sample output:

xss-output.png

You can also find above steps in adobe helpx docs:

XSS Filter issue with the target attribute of the a tag

Hope this helps!

Regards,

TechAspect Solutions