Adobe Experience Manager Sites & More

NehaCMS · 8/17/21

Hi Team

As we should not use context=unsafe to prevent xss vulnerability , is it safe to use textarea field with values with some js code and html markup with context=scriptComment to prevent stripping of script tags

BrianKasingli · 8/19/21

For HTML and JS, you should try using

${properties.customHTML @ context='html'}          <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->

${properties.cusomJS @ context='scriptString'}  <!--/* Applies JavaScript string escaping */-->

HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md

Let me know how it goes,

Brian

View solution in original post

Bimmi_Soi · 8/17/21

Hi @NehaCMS ,

I dont think there should be any issue using context= scriptComments

${properties.jcr:title @ context='scriptComment'}

Hope this helps!!

Thanks

BrianKasingli · 8/19/21

For HTML and JS, you should try using

${properties.customHTML @ context='html'}          <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->

${properties.cusomJS @ context='scriptString'}  <!--/* Applies JavaScript string escaping */-->

HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md

Let me know how it goes,

Brian

Adobe Experience Manager Sites & More

Can we use @context='scriptComment' for including JS and html markup

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe