Expand my Community achievements bar.

SOLVED

Output HTML text entered as is instead of escaping it

Avatar

Level 5
Level 5
10/15/15 7:27:27 PM

We want the text component to be modified that "ANY" html should be interpreted as is. RTE doesn't allow say for example to insert <font style='10px'> etc. We want to create this as the authors are requesting complete control. As much as style and css are right options, the authors WANT that option available to ahve multiple formattings in same paragraph.

 

We've tried the following, 

<% String text2 = properties.get("text", "");
      out.print(text2);
%>
<cq:text property="text" escapeXml="true"/>

 

Both if text is <u>Sample text</u>

Do not interpret it and render it as is. However if we use <% out.println("<b>Sample</b>");%> it does work and makes the text bold. Is there a way to do this or the platform will ALWAYS deny it?

Views

1.3K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/15/15 7:27:27 PM

Hi,

The best thing to do is to modify the XSS Protection configuration to allow the font tag. See http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%....

Regards,

Justin

View solution in original post

Views

946

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Employee
Employee
10/15/15 7:27:27 PM

Hi,

The best thing to do is to modify the XSS Protection configuration to allow the font tag. See http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%....

Regards,

Justin

Views

947

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
10/15/15 7:27:27 PM

Justin

How does the RTE work then? RTE allows you to bold and underline text. How does it bypass this rule setting?

Is it because all the allowed actions in RTE component are enabled in the configuration>

Views

993

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
10/15/15 7:27:27 PM

Correct - the HTML output by the standard RTE plugins is generally allowed under the default XSS protection configuration.

Views

946

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 8
Level 8
10/15/15 7:27:27 PM

Have you checked what is actually being persisted in the repository. The RTE will reformat HTML entered in the source edit option at times. Are you sure that the editor isn't changing your HTML before it's persisted? 

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Is SVG extension supported in Adobe? Solved

Views

118

Likes

0

Replies

4
How effective is using Premium Dumps for Adobe Experience Manager certification prep? Any experiences to share? Solved

Views

220

Likes

0

Replies

5
Build fails: aQute/bnd/osgi/Analyzer has been compiled by a more recent version of the Java Runtime (class file version 61.0),

Views

272

Likes

0

Replies

9
Template is taking more time to load on first hit and not refreshed completely

Views

96

Likes

0

Replies

2
Page Temaplate and Page can't add component. there is no component list in my local.

Views

14

Likes

0

Replies

0