Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Alt text issue in links in RTE when alt text has a special character

priyas5435226
Level 2
Level 2

Hi All,

In AEM 6.3 when i am trying to add special character in alt text field for a link in RTE, the hover functionality stops working and I don't see any alt text.When I have inspected <a> tag, I found that the title attribute from <a> tag is completely removed due to special character.Is there any way I can add special characters like '?',copyright in alt text.To render the RTE content to page I am using context as 'html' .

Thanks in advance.

1 Accepted Solution
Techaspect_Solu
Correct answer by
Level 7
Level 7

Hi,

Instead of using @ context = 'unsafe', it's good to use AntiSamy configuration file in CRXDE light to handle your use-case.

We've tested your use-case and it got resolved after following the below steps:

1) Copy /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml.

2) Open /apps/cq/xssprotection/config.xml.

3) In the config.xml file, search for common-attributes and add the following target attribute declaration.

<attribute name="title">

     <regexp-list>

           <regexp value="[a-zA-Z0-9-_\$]+" />

      </regexp-list>

</attbribute>

4) Search for the term <tag name="a" in the config.xml file.

5) Add the line below in the list of attributes:

<attribute name="title" />

6) Save the file. Now, test your use-case and the issue should be resolved.

Sample output:

xss-output.png

You can also find above steps in adobe helpx docs:

XSS Filter issue with the target attribute of the a tag

Hope this helps!

Regards,

TechAspect Solutions

View solution in original post

5 Replies
smacdonald2008
Level 10
Level 10

I do not think Special chars are supported in this use case.

priyas5435226
Level 2
Level 2

Is there any other way we can use special characters in alt text without using context as unsafe.

smacdonald2008
Level 10
Level 10

NOt that I am aware of. I avoid using special chars as much as possible,

Techaspect_Solu
Correct answer by
Level 7
Level 7

Hi,

Instead of using @ context = 'unsafe', it's good to use AntiSamy configuration file in CRXDE light to handle your use-case.

We've tested your use-case and it got resolved after following the below steps:

1) Copy /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml.

2) Open /apps/cq/xssprotection/config.xml.

3) In the config.xml file, search for common-attributes and add the following target attribute declaration.

<attribute name="title">

     <regexp-list>

           <regexp value="[a-zA-Z0-9-_\$]+" />

      </regexp-list>

</attbribute>

4) Search for the term <tag name="a" in the config.xml file.

5) Add the line below in the list of attributes:

<attribute name="title" />

6) Save the file. Now, test your use-case and the issue should be resolved.

Sample output:

xss-output.png

You can also find above steps in adobe helpx docs:

XSS Filter issue with the target attribute of the a tag

Hope this helps!

Regards,

TechAspect Solutions

View solution in original post