Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Antisamy configuration locations

Avatar

Level 4

I see antisamy configuration in 2 locations.

  1. /libs/cq/xssprotection/config.xml
  2. /libs/sling/xss/config.xml

I was trying to add rule for custom tag for br tag. It worked only after I added rule to 2nd one. I would overlay the working one to apps, first tried locally in libs.

<tag name="br" action="validate"> <attribute name="aria-hidden"> <regexp-list> <regexp name="boolean"/> </regexp-list> </attribute> </tag>

Question is, what is the role of these two antisamy configuration locations, which one is correct location?

1 Accepted Solution

Avatar

Correct answer by
Employee

First one is the one you have to overlay.

Here an example of an article you can use: https://helpx.adobe.com/experience-manager/kb/target-attribut-issue-tag.html

View solution in original post

3 Replies

Avatar

Correct answer by
Employee

First one is the one you have to overlay.

Here an example of an article you can use: https://helpx.adobe.com/experience-manager/kb/target-attribut-issue-tag.html

Avatar

Level 4

Feike, thanks for your reply. It works. I did a mistake in first place while trying to do it in libs for the first option. There were few spaces at the start of XML and policy file loader was not working. After removing those spaces it works. But I am not clear on the role of second location. It seems it works from both locations. Documentation doesn't talks much about second location.

Avatar

Administrator

There are two xss protection config files:

/libs/cq/xssprotection/config.xml
/libs/sling/xss/config.xml
Sightly is using the second one, which means that you need to overlay it at path /apps/sling/xss/config.xml

Note:- What is worth mentioning is that new configuration seems to be applied only after restart of your aem instance.

Source:- http://stackoverflow.com/questions/39535342/rendering-telephone-links-in-htl-based-on-input-from-a-r...

~kautuk



Kautuk Sahni