Expand my Community achievements bar.

links to ppt not working on OOB text component

Avatar

Level 2

Hi,

I have a problem with the OOB text component not publishing the links to pps, ppsx or pps assets within the DAM on a page.

Currently when I add a link to the ppt, ppsx or pps assets in the DAM via the text component it does not keep the link to the asset in the DAM and returns an empty <a href> on the page like so:

1668130_pastedImage_0.png

The text component is OOB using sightly on an AEM 6.2 instance.

I've made sure that the ppt, ppsx and pps files have been published, can be accessed through the browser by the DAM link and is not showing as a broken link within the text component on my page. Also I have gone to my instance https://<server_name>/system/console/mimetypes and found the mimetype associated to the ppt, pps and pps.

Example here:

1668266_pastedImage_4.png

1668267_pastedImage_5.png

How can I get the OOB text component to keep the links to the ppt, pps and pps dam assets?

17 Replies

Avatar

Level 10

How are you getting the links - are you using PathFinder from a dialog?

Avatar

Level 10

The above component that has links should be an HTL component that has text and a line for links so ppl can click it to download the asset.

Avatar

Level 2

Yes Scott, I am using the pathfinder to grab the ppt, ppsx or pps assets from the dam to create the link.

link selection..PNG
I am also using the OOB text component that calls this text.js

textjs.PNG

All of the other examples I have on the page using the OOB text component allow the user to download the respective asset from the DAM. The other examples of assets from the DAM are the following: zip, .doc, .docx, .xlsx, .xls, .pptx, pps

Here is an example of the .doc working:

1668832_pastedImage_4.png

Avatar

Level 10

change the context to 'unsafe' from 'html' and test if it works?

"${text.context == 'unsafe'}" rather than "${text.context == 'html'}"

If it works fine with unsafe then it's an issue with XSS/Antisamy policy configurations which you can override appropriately.

Avatar

Level 2

I've changed:  "${text.context == 'unsafe'}" in the component to now be this:

<span style="line-height: 1.6em; font-weight: 300;">

<p data-sly-use.text="text.js" data-sly-unwrap="${text.context == 'unsafe'}" class="${text.cssClass}" data-emptytext="Text">${text.text @ context=text.context}</p>

</span>

However, the links to ppsx and ppt are still empty.

<a>Download Link</a>

Avatar

Level 10

does this ppt, ppsx have any scripts/embedded objects inside it which could be considered as unsecure by RTE/AEM?

do you see any errors/warnings in error.log file?

Avatar

Level 2

ah! yes.

15.01.2019 09:54:07.155 *INFO* [10.223.42.151 [1547574847149] GET /author/content/NVEnergy/en/test-2/file-test/jcr:content/content/columncontrol/col-cntrl-1/columncontrol_1784891259/col-cntrl-2/text_copy_copy.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The href attribute had a value of "&#47;content&#47;dam&#47;nvenergy&#47;brochures&#95;arch&#47;test&#45;2&#47;MPB&#95;Sponsor Slide 2&#95;2018&#46;ppt". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

How do I correct/handle this so that the warning does not occur?

Avatar

Level 2

Is the place to make the corrections found here?

  1. /libs/cq/xssprotection/config.xml
  2. /libs/sling/xss/config.xml

Avatar

Level 10

Yes, overlay it to /apps folder and make the changes in

/apps/sling/xss/config.xml

Avatar

Level 2

Done, Is this the correct change?

<attribute name="target>

<regexp-list>

   <regexp value="[a-zA-Z0-9-_\$]+" />

</regexp-list>

</attbribute>

Avatar

Level 10

this attribute must be within <a> tag definition

<tag name="a" action="validate">

include forward slash and a dot as it is present in your target link along with underscore

[a-zA-Z0-9-_/\.$]

Avatar

Level 2

I have made this change on this file /apps/sling/xss/config.xml :

       <tag name="a" action="validate">

           <!--  onInvalid="filterTag" has been removed as per suggestion at OWASP SJ 2007 - just "name" is valid -->

            <attribute name="href"/>

            <attribute name="onFocus"/>

            <attribute name="onBlur"/>

            <attribute name="nohref">

                <regexp-list>

                    <regexp name="anything"/>

                </regexp-list>

            </attribute>

            <attribute name="rel">

                <literal-list>

                    <literal value="nofollow"/>

                </literal-list>

            </attribute>

            <attribute name="name"/>

            <attribute name="target">

                <regexp-list>

                    <regexp value="[a-zA-Z0-9-_/\$]+" />

                 </regexp-list>

             </attribute >

        </tag>

But nothing has changed, it still returns the error in the log and the href is blank. Does the authoring instance need to be restarted? Or am I missing a step?

Avatar

Level 10

Could you check the error.log again or try with a different link?

"&#47;content&#47;dam&#47;nvenergy&#47;brochures&#95;arch&#47;test&#45;2&#47;MPB&#95;Spon sor Slide 2&#95;2018&#46;ppt".

&#47; = slash

&#46; = dot

&#45; = hyphen

&#95; = underscore

dot is still missing in regex

Avatar

Level 2

The ppt works now that I have linked it to another file and added the . into the regex. ppsx is not working but I believe once I have another example from the client it should be solved. Thank you for the help.

Avatar

Administrator

I am not very clear with your questions. What do you mean by "adding links to the PPT", is it links to the text? How are you adding these links?



Kautuk Sahni