We want the text component to be modified that "ANY" html should be interpreted as is. RTE doesn't allow say for example to insert <font style='10px'> etc. We want to create this as the authors are requesting complete control. As much as style and css are right options, the authors WANT that option available to ahve multiple formattings in same paragraph.
We've tried the following,
<% String text2 = properties.get("text", "");
out.print(text2);
%>
<cq:text property="text" escapeXml="true"/>
Both if text is <u>Sample text</u>
Do not interpret it and render it as is. However if we use <% out.println("<b>Sample</b>");%> it does work and makes the text bold. Is there a way to do this or the platform will ALWAYS deny it?
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
The best thing to do is to modify the XSS Protection configuration to allow the font tag. See http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%....
Regards,
Justin
Views
Replies
Total Likes
Hi,
The best thing to do is to modify the XSS Protection configuration to allow the font tag. See http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%....
Regards,
Justin
Views
Replies
Total Likes
Justin
How does the RTE work then? RTE allows you to bold and underline text. How does it bypass this rule setting?
Is it because all the allowed actions in RTE component are enabled in the configuration>
Views
Replies
Total Likes
Correct - the HTML output by the standard RTE plugins is generally allowed under the default XSS protection configuration.
Views
Replies
Total Likes
Have you checked what is actually being persisted in the repository. The RTE will reformat HTML entered in the source edit option at times. Are you sure that the editor isn't changing your HTML before it's persisted?
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies