Adobe Experience Manager Sites & More

RTE component

html being frame on java contains <svg> tag. The same is getting blocked by xss protection.

Error : org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.

I have already added <svg> tag and its attributes on config.xml.

Also overlayed it from /libs/cq/xssprotection/config.xml

<tag name="svg" action="validate">
<attribute name="width" />
<attribute name="height" />
<attribute name="role">
<regexp-list>
<regexp name="*"/>
</regexp-list>
</attribute>
<attribute name="xmlns">
<regexp-list>
<regexp name="anything"/>
</regexp-list>
</attribute>
<tag name="use" action="validate">
<attribute name="href" />
<attribute name="x">
<regexp-list>
<regexp name="number"/>
</regexp-list>
</attribute>
<attribute name="y">
<regexp-list>
<regexp name="number"/>
</regexp-list>
</attribute>
<attribute name="xmlns:link">
<regexp-list>
<regexp name="anything"/>
</regexp-list>
</attribute>
<attribute name="xlink:href">
<regexp-list>
<regexp name="anything"/>
</regexp-list>
</attribute>
</tag>
</tag>