We had a situation where ${properties.text @ context='html'} broke our page layout, because all empty div tags in the 'text' property were transformed into self-closing div tags:
<div class="btn"></div> -> <div class="btn" />
As the 'html' display context filters HTML to meet the AntiSamy policy rules, we decided to disable the 'useXHTML' directive in the AntiSamy configuration file.
It appeared that there are two locations with the same file in AEM:
- /libs/cq/xssprotection/config.xml
- /libs/sling/xss/config.xml
As per this discussion, the second one is used by HTL (aka Sightly). At the same time, the documentation says that the default AntiSamy configuration can be found using the first path. After some experiments we ended up overlaying /libs/cq/xssprotection/config.xml, since it seems to be picked up after an instance restart.
I wonder what the real difference is between the two locations for the AntiSamy configuration files?