Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Can we use @context='scriptComment' for including JS and html markup

Avatar

Level 5
Level 5
8/17/21 5:53:49 AM

Hi Team

 

As we should not use context=unsafe to prevent xss vulnerability , is it safe to use textarea field with values with some js code and html markup with context=scriptComment to prevent stripping of script tags

Views

1.5K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
8/19/21 12:32:00 PM

For HTML and JS, you should try using

${properties.customHTML @ context='html'}          <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->

${properties.cusomJS @ context='scriptString'}  <!--/* Applies JavaScript string escaping */-->

HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md

Let me know how it goes,

Brian

View solution in original post

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Employee Advisor
Employee Advisor
8/17/21 6:00:35 AM

Hi @NehaCMS ,

 

I dont think there should be any issue using context= scriptComments

 

${properties.jcr:title @ context='scriptComment'} <!--/* Context for Javascript block comments. Outputs nothing if value break out of the comment context */-->

 

Hope this helps!!

Thanks

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
8/19/21 12:32:00 PM

For HTML and JS, you should try using

${properties.customHTML @ context='html'}          <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->

${properties.cusomJS @ context='scriptString'}  <!--/* Applies JavaScript string escaping */-->

HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md

Let me know how it goes,

Brian

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Facing build issues after upgrading AEM SDK API to 2025.8 and JDK21 with test case build time

Views

82

Likes

0

Replies

0
how can we create the dropdown of custom styles in universal editor using aem app builder?

Views

114

Likes

0

Replies

0
interrupt a request to a load a page and the redirect if necessary

Views

330

Likes

0

Replies

4
Granite UI Time Field in AEM Dialog: How to Include Seconds Along with Hours and Minutes

Views

325

Likes

0

Replies

3
Local build and content installation is successful but no components/content displayed

Views

958

Likes

0

Replies

11