Leiste mit Community-Erfolgen erweitern.

Submissions are now open for the 2026 Adobe Experience Maker Awards.

Mark Solution

Diese Konversation wurde aufgrund von Inaktivität geschlossen. Bitte erstellen Sie einen neuen Post.

GELÖST

Anchor tag inside RTE not accepting javascript function call

Avatar

Ehemaliges Community-Mitglied

Hi,

I have requirement where I need to call a javascript function inside "href" of anchor tag in RTE. But, whenever I do this, the entire anchor tag vanishes on clicking OK. I suppose this is a CQ5 RTE out of the box feature.Can anyone suggest a way to overcome this ?

Thanks in advance 🙂

Subhra

1 Akzeptierte Lösung

Avatar

Korrekte Antwort von
Employee

Hi Subhra,

I suspect this actually isn't the RTE as much as it is XSS protection. You will need to reconfigure the XSS protection to allow this. By default, only a small number of javascript functions are allowed in the href attribute:

<literal-list> <literal value="javascript:history.go(0)"/> <literal value="javascript:history.go(-1)"/> <literal value="javascript:void(0)"/> <literal value="javascript:location.reload()"/> </literal-list>

 

See http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Protect%20against%20Cross-Si... for more information around where to configure this.

Of course, doing what you are describing is opening up a security risk. You should think long and hard before doing it.

Good luck,

Justin

Lösung in ursprünglichem Beitrag anzeigen

2 Antworten

Avatar

Korrekte Antwort von
Employee

Hi Subhra,

I suspect this actually isn't the RTE as much as it is XSS protection. You will need to reconfigure the XSS protection to allow this. By default, only a small number of javascript functions are allowed in the href attribute:

<literal-list> <literal value="javascript:history.go(0)"/> <literal value="javascript:history.go(-1)"/> <literal value="javascript:void(0)"/> <literal value="javascript:location.reload()"/> </literal-list>

 

See http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Protect%20against%20Cross-Si... for more information around where to configure this.

Of course, doing what you are describing is opening up a security risk. You should think long and hard before doing it.

Good luck,

Justin

Avatar

Ehemaliges Community-Mitglied

Hi Justin,

Thanks for your reply. I tried adding another literal value in the literal-list mentioning my function name but in vain. I also tried using the already existing javascript functions in the list, even those are getting stripped.

Can you suggest any other alternative ?

Thanks,

Subhra