Output HTML text entered as is instead of escaping it

Question

We want the text component to be modified that "ANY" html should be interpreted as is. RTE doesn't allow say for example to insert etc. We want to create this as the authors are requesting complete control. As much as style and css are right options, the authors WANT that option available to ahve multiple formattings in same paragraph.

We've tried the following,

<% String text2 = properties.get("text", "");
out.print(text2);
%>
<cq:text property="text" escapeXml="true"/>

Both if text is Sample text

Do not interpret it and render it as is. However if we use <% out.println("Sample");%> it does work and makes the text bold. Is there a way to do this or the platform will ALWAYS deny it?

JustinEd3 · Accepted Answer

Hi,The best thing to do is to modify the XSS Protection configuration to allow the font tag. Seehttp://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%20Cross-Site%20Scripting%20%28XSS%29.Regards,Justin

chetanvajre2014 · Answer

JustinHow does the RTE work then? RTE allows you to bold and underline text. How does it bypass this rule setting?Is it because all the allowed actions in RTE component are enabled in the configuration>

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded