I was reading the embed core component documentation and it mentions that all script and style elements as well as all on* and style attributes will be removed from the output. I was wondering what the best way to include styles would then be. I was checking for the style option on the component but it doesn't seem to be available or to be as dynamic as we hoped for (based on the documentation)
Hi @Jeanmaradiaga, may I know what styles are you expecting to be loaded?
--> If you would like to load the styles/script from the embedded source, you can overlay the /libs/cq/xssprotection/config.xml to your project and change it but it is not recommended as said in the document itself.
"Although the AntiSamy sanitation framework rules can be configured by overlaying /libs/cq/xssprotection/config.xml, these changes affect all HTL and JSP behavior and not just the Embed Core Component."
--> if you would load your custom styles, place your embed component inside a container, and apply your own styles/scripts through client libraries.
We are actually using option 2 at the moment, the only downside is that is still requires pushing code, we were hoping that we could find a solution where we can edit the styles right there on the page. I don't think overlaying the xss protection is a good idea as you mentioned, so I will discuss this with the team.