Hi,
I have requirement where I need to call a javascript function inside "href" of anchor tag in RTE. But, whenever I do this, the entire anchor tag vanishes on clicking OK. I suppose this is a CQ5 RTE out of the box feature.Can anyone suggest a way to overcome this ?
Thanks in advance :)
Subhra
Hi Subhra,
I suspect this actually isn't the RTE as much as it is XSS protection. You will need to reconfigure the XSS protection to allow this. By default, only a small number of javascript functions are allowed in the href attribute:
<literal-list> <literal value="javascript:history.go(0)"/> <literal value="javascript:history.go(-1)"/> <literal value="javascript:void(0)"/> <literal value="javascript:location.reload()"/> </literal-list>
See http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html#Protect%20against%20Cross-Site%20Scripting%20%28XSS%29 for more information around where to configure this.
Of course, doing what you are describing is opening up a security risk. You should think long and hard before doing it.
Good luck,
Justin
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
