Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

/libs/cq/xssprotection/config.xml vs /libs/sling/xss/config.xml

dan_stelmakh
Level 2
Level 2

We had a situation where ${properties.text @ context='html'} broke our page layout, because all empty div tags in the 'text' property were transformed into self-closing div tags:

<div class="btn"></div> -> <div class="btn" />

As the 'html' display context filters HTML to meet the AntiSamy policy rules, we decided to disable the 'useXHTML' directive​ in the AntiSamy configuration file.

It appeared that there are two locations with the same file in AEM:

  • /libs/cq/xssprotection/config.xml
  • /libs/sling/xss/config.xml

As per this discussion, the second one is used by HTL (aka Sightly). At the same time, the documentation says that the default AntiSamy configuration can be found using the first path. After some experiments we ended up overlaying /libs/cq/xssprotection/config.xml since it seems to be picked up after instance restarting.

I wonder what's the real difference between two locations for the AntiSamy configuration files?

2 Replies
alexanderl34874
Level 2
Level 2

Hey,

we had some issues regarding this topic, too. Out of a DayCare ticket we got the following answer:

At the end we got it working but have still different behaviour on different environments.

Could please somebody explain the difference between the two files (as the author of the question mentioned above)

Thanks

Alex