Highlighted

/libs/cq/xssprotection/config.xml vs /libs/sling/xss/config.xml

Avatar

Avatar

dan_stelmakh

Avatar

dan_stelmakh

dan_stelmakh

19-03-2018

We had a situation where ${properties.text @ context='html'} broke our page layout, because all empty div tags in the 'text' property were transformed into self-closing div tags:

<div class="btn"></div> -> <div class="btn" />

As the 'html' display context filters HTML to meet the AntiSamy policy rules, we decided to disable the 'useXHTML' directive​ in the AntiSamy configuration file.

It appeared that there are two locations with the same file in AEM:

  • /libs/cq/xssprotection/config.xml
  • /libs/sling/xss/config.xml

As per this discussion, the second one is used by HTL (aka Sightly). At the same time, the documentation says that the default AntiSamy configuration can be found using the first path. After some experiments we ended up overlaying /libs/cq/xssprotection/config.xml since it seems to be picked up after instance restarting.

I wonder what's the real difference between two locations for the AntiSamy configuration files?

Replies

Highlighted

Avatar

Avatar

alexanderl34874

Avatar

alexanderl34874

alexanderl34874

18-06-2018

Hey,

we had some issues regarding this topic, too. Out of a DayCare ticket we got the following answer:

At the end we got it working but have still different behaviour on different environments.

Could please somebody explain the difference between the two files (as the author of the question mentioned above)

Thanks

Alex

Highlighted

Avatar

Avatar

gvaem

Avatar

gvaem

gvaem

07-08-2020

I have the same problem. could someone explain the difference?