SOLVED

whitelist aria label in xss protection


Hi there,

Our requirement is to use the "aria-label" attribute in the anchor tag in source edit of the RTE component. We have also tried overlaying the "xssprotection/config.xml" and adding this attribute to the tag, but we are still unable to resolve the issue.

Changes we have made in config.xml:

<tag name="a" action="validate">
  <!-- onInvalid="filterTag" has been removed as per suggestion at OWASP SJ 2007 - just "name" is valid -->
  <attribute name="href"/>
  <attribute name="aria-label">
    <regexp-list>
      <regexp value="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="onFocus"/>
  <attribute name="onBlur"/>
  <attribute name="nohref">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="rel">
    <literal-list>
      <literal value="nofollow"/>
    </literal-list>
  </attribute>
  <attribute name="name"/>
  <attribute name="target" />
  <attribute name="onclick">
    <literal-list>
      <literal value="CQ_Analytics.Sitecatalyst.customTrack(this)"/>
    </literal-list>
  </attribute>
  <attribute name="adhocenable">
    <literal-list>
      <literal value="true"/>
      <literal value="false"/>
    </literal-list>
  </attribute>
  <attribute name="adhocevents">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="adhocevars">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>

  <!-- attributes used by the Adobe Campaign integration in links to landing pages -->
  <attribute name="data-nl-type">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="data-nl-landingpage">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="data-nl-landingpagelabel">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="data-nl-landingpagedynamicservice">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="data-nl-service">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
  <attribute name="data-nl-servicelabel">
    <regexp-list>
      <regexp name="anything"/>
    </regexp-list>
  </attribute>
</tag>

1 Accepted Solution

Correct answer by
Employee Advisor

@ravi_shankerj14 To be able to allow a new HTML attribute in richtext sourceedit, whitelisting it in the xssprotection config should make it work. It worked for me when I tried it in WKND pages with the new attribute added in /apps/cq/xssprotection/config.xml.

A few things to try at your end:

1. Try adding just the aria-label attribute under a tag in the libs xssprotection config and test if that works. If not, you can also try checking on sample WKND content (it might not be working due to richtext customization or project-specific code/content).

2. If that works, then check if the overlay is correct in apps. It might be worth checking whether you have other changes in this overlay that work but aria-label doesn't, or whether none of the custom changes work. There might be issues with the overlaid file.
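A way to test an attribute rule offline before deploying an overlay, as an added example that is not part of the original thread or of Adobe's code. It is a simplified model of AntiSamy-style policy resolution (the format xssprotection/config.xml follows), on the assumption that `<regexp name="..."/>` refers to an entry in `<common-regexps>` while `<regexp value="..."/>` is an inline pattern matched against the whole attribute value. The policy fragment, the `.*` definition of `anything` and the `attribute_allows` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed policy fragment (not a real config.xml); "anything" = ".*" is assumed.
POLICY = """
<anti-samy-rules>
  <common-regexps>
    <regexp name="anything" value=".*"/>
  </common-regexps>
  <tag-rules>
    <tag name="a" action="validate">
      <attribute name="aria-label">
        <regexp-list><regexp value="anything"/></regexp-list>
      </attribute>
      <attribute name="nohref">
        <regexp-list><regexp name="anything"/></regexp-list>
      </attribute>
      <attribute name="rel">
        <literal-list><literal value="nofollow"/></literal-list>
      </attribute>
    </tag>
  </tag-rules>
</anti-samy-rules>
"""

def attribute_allows(policy_xml, tag, attr, value):
    """Return True if the tag rule would keep attr="value" (simplified model)."""
    root = ET.fromstring(policy_xml)
    # Named patterns that <regexp name="..."/> can point at.
    common = {r.get("name"): r.get("value")
              for r in root.iterfind("common-regexps/regexp")}
    rule = root.find(f"tag-rules/tag[@name='{tag}']/attribute[@name='{attr}']")
    if rule is None:
        return False  # attribute is not whitelisted on this tag
    for lit in rule.iterfind("literal-list/literal"):
        if lit.get("value") == value:
            return True
    for rx in rule.iterfind("regexp-list/regexp"):
        # name= looks up <common-regexps>; value= is used as the pattern itself.
        name = rx.get("name")
        pattern = common.get(name) if name else rx.get("value")
        if pattern is not None and re.fullmatch(pattern, value):
            return True
    return False

if __name__ == "__main__":
    for attr, val in [("aria-label", "Open menu"), ("nohref", "Open menu")]:
        print(attr, repr(val), "->", attribute_allows(POLICY, "a", attr, val))
```

Python's `re` stands in for the Java regex engine here, so patterns that rely on Java-only syntax need checking on the instance itself.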
