Hi,
I have a problem with the OOB text component not publishing the links to pps, ppsx or pps assets within the DAM on a page.
Currently when I add a link to the ppt, ppsx or pps assets in the DAM via the text component it does not keep the link to the asset in the DAM and returns an empty <a href> on the page like so:
The text component is OOB using sightly on an AEM 6.2 instance.
I've made sure that the ppt, ppsx and pps files have been published, can be accessed through the browser by the DAM link and is not showing as a broken link within the text component on my page. Also I have gone to my instance https://<server_name>/system/console/mimetypes and found the mimetype associated to the ppt, pps and pps.
Example here:
How can I get the OOB text component to keep the links to the ppt, pps and pps dam assets?
How are you getting the links - are you using PathFinder from a dialog?
Views
Replies
Total Likes
The above component that has links should be an HTL component that has text and a line for links so ppl can click it to download the asset.
Views
Replies
Total Likes
Yes Scott, I am using the pathfinder to grab the ppt, ppsx or pps assets from the dam to create the link.
I am also using the OOB text component that calls this text.js
All of the other examples I have on the page using the OOB text component allow the user to download the respective asset from the DAM. The other examples of assets from the DAM are the following: zip, .doc, .docx, .xlsx, .xls, .pptx, pps
Here is an example of the .doc working:
Also please see the text component itself:
change the context to 'unsafe' from 'html' and test if it works?
"${text.context == 'unsafe'}" rather than "${text.context == 'html'}"
If it works fine with unsafe then it's an issue with XSS/Antisamy policy configurations which you can override appropriately.
I've changed: "${text.context == 'unsafe'}" in the component to now be this:
<span style="line-height: 1.6em; font-weight: 300;">
<p data-sly-use.text="text.js" data-sly-unwrap="${text.context == 'unsafe'}" class="${text.cssClass}" data-emptytext="Text">${text.text @ context=text.context}</p>
</span>
However, the links to ppsx and ppt are still empty.
<a>Download Link</a>
does this ppt, ppsx have any scripts/embedded objects inside it which could be considered as unsecure by RTE/AEM?
do you see any errors/warnings in error.log file?
ah! yes.
15.01.2019 09:54:07.155 *INFO* [10.223.42.151 [1547574847149] GET /author/content/NVEnergy/en/test-2/file-test/jcr:content/content/columncontrol/col-cntrl-1/columncontrol_1784891259/col-cntrl-2/text_copy_copy.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The href attribute had a value of "/content/dam/nvenergy/brochures_arch/test-2/MPB_Sponsor Slide 2_2018.ppt". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.
How do I correct/handle this so that the warning does not occur?
Is the place to make the corrections found here?
Views
Replies
Total Likes
Yes, overlay it to /apps folder and make the changes in
/apps/sling/xss/config.xml
Views
Replies
Total Likes
Done, Is this the correct change?
<attribute name="target>
<regexp-list>
<regexp value="[a-zA-Z0-9-_\$]+" />
</regexp-list>
</attbribute>
Views
Replies
Total Likes
this attribute must be within <a> tag definition
<tag name="a" action="validate">
include forward slash and a dot as it is present in your target link along with underscore
[a-zA-Z0-9-_/\.$]
Views
Replies
Total Likes
I have made this change on this file /apps/sling/xss/config.xml :
<tag name="a" action="validate">
<!-- onInvalid="filterTag" has been removed as per suggestion at OWASP SJ 2007 - just "name" is valid -->
<attribute name="href"/>
<attribute name="onFocus"/>
<attribute name="onBlur"/>
<attribute name="nohref">
<regexp-list>
<regexp name="anything"/>
</regexp-list>
</attribute>
<attribute name="rel">
<literal-list>
<literal value="nofollow"/>
</literal-list>
</attribute>
<attribute name="name"/>
<attribute name="target">
<regexp-list>
<regexp value="[a-zA-Z0-9-_/\$]+" />
</regexp-list>
</attribute >
</tag>
But nothing has changed, it still returns the error in the log and the href is blank. Does the authoring instance need to be restarted? Or am I missing a step?
Views
Replies
Total Likes
Could you check the error.log again or try with a different link?
"/content/dam/nvenergy/brochures_arch/test-2/MPB_Spon sor Slide 2_2018.ppt".
/ = slash
. = dot
- = hyphen
_ = underscore
dot is still missing in regex
Views
Replies
Total Likes
The ppt works now that I have linked it to another file and added the . into the regex. ppsx is not working but I believe once I have another example from the client it should be solved. Thank you for the help.
Views
Replies
Total Likes
I am glad that you have it working.
I am not very clear with your questions. What do you mean by "adding links to the PPT", is it links to the text? How are you adding these links?
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies