SOLVED

Output HTML text entered as is instead of escaping it

chetanvajre2014
Level 5

We want the text component to be modified so that "ANY" html should be interpreted as is. RTE doesn't allow say for example to insert <font style='10px'> etc. We want to create this as the authors are requesting complete control. As much as style and css are right options, the authors WANT that option available to have multiple formattings in same paragraph.

 

We've tried the following, 

<% String text2 = properties.get("text", "");
      out.print(text2);
%>
<cq:text property="text" escapeXml="true"/>

 

Both if text is <u>Sample text</u>

Do not interpret it and render it as is. However if we use <% out.println("<b>Sample</b>");%> it does work and makes the text bold. Is there a way to do this or the platform will ALWAYS deny it?

1 Accepted Solution
justin_at_adobe
Correct answer by
Employee

Hi,

The best thing to do is to modify the XSS Protection configuration to allow the font tag. See http://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html#Protect%20against%....

Regards,

Justin

4 Replies
chetanvajre2014
Level 5

Justin

How does the RTE work then? RTE allows you to bold and underline text. How does it bypass this rule setting?

Is it because all the allowed actions in RTE component are enabled in the configuration?

justin_at_adobe
Employee

Correct - the HTML output by the standard RTE plugins is generally allowed under the default XSS protection configuration.
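
The allowlist behaviour discussed in this thread, as an added Python model (not part of the thread and not AEM's filter code): RTE-style tags pass under the default policy, `font` is dropped until a rule is added, and that rule checks attribute values so that allowing `font` does not also allow event handlers or arbitrary CSS. The names `DEFAULT_POLICY`, `FONT_RULE`, `POLICY_WITH_FONT`, `filter_html` and the regex patterns are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed default policy: the kind of markup the standard RTE plugins emit.
DEFAULT_POLICY = {"b": {}, "u": {}, "i": {}, "p": {}, "br": {}}
# Constructed rule allowing <font>, with each attribute value pattern-checked.
FONT_RULE = {"font": {
    "size": re.compile(r"[1-7]"),
    "color": re.compile(r"#[0-9a-fA-F]{6}|[a-zA-Z]{3,20}"),
    "style": re.compile(r"font-size:\s*\d{1,2}px;?"),
}}
POLICY_WITH_FONT = {**DEFAULT_POLICY, **FONT_RULE}
VOID = {"br"}            # tags that never get a closing tag
DROP_CONTENT = {"script", "style"}  # elements removed together with their body

class AllowlistFilter(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out, self.skip = policy, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        rules = self.policy.get(tag)
        if rules is None or self.skip:
            return  # unknown tag: drop the tag, keep its text
        # Keep only attributes named in the rule whose value matches its pattern.
        kept = [(k, v) for k, v in attrs
                if k in rules and v is not None and rules[k].fullmatch(v)]
        self.out.append("<" + tag + "".join(f' {k}="{escape(v)}"' for k, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.policy and tag not in VOID and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def filter_html(text, policy):
    f = AllowlistFilter(policy)
    f.feed(text)
    f.close()
    return "".join(f.out)
```
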

Paul_McMahon
Level 8

Have you checked what is actually being persisted in the repository? The RTE will reformat HTML entered in the source edit option at times. Are you sure that the editor isn't changing your HTML before it's persisted?