


We have an issue where the href is being stripped from the RTE, with the message below printed in the logs. The actual value we are providing in the href is "/shop/en/abc/dog/dog-treats-and-chews#facet:-7000000000000000030751011011123277101327297112112121&productBeginIndex:0&orderBy:&pageView:&minPrice:&maxPrice:&pageSize:&"
08.05.2018 21:40:42.200 *INFO* [69.195.220.141 [1525815642198] GET /content/abc/abc/en_US/espots/test-rte/jcr:content/par.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The href attribute had a value of "/shop/en/abc/dog/dog-treats-and-chews#facet:-7000000000000000030751011011123277101327297112112121&productBeginIndex:0&orderBy:&pageView:&minPrice:&maxPrice:&pageSize:&". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.
Any solution ?
Is there also a validation or a mandatory field in the dialog? Or is the RTE inside a multifield?
Could you please provide a package to reproduce this?
-Kautuk
Here is the rich text dialog
<?xml version="1.0" encoding="UTF-8"?>
<!-- Dialog definition for a rich-text component: one tab ("Text") holding a single RTE field whose markup is stored in the ./text property. -->
<!-- NOTE(review): helpPath below points at the Carousel section of the default-components help page; this looks like a copy/paste leftover, confirm. -->
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:cq="http://www.day.com/jcr/cq/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:nt="http://www.jcp.org/jcr/nt/1.0"
jcr:primaryType="nt:unstructured"
jcr:title="RichText Component"
sling:resourceType="cq/gui/components/authoring/dialog"
extraClientlibs="[rte.dialog.styles]"
helpPath="en/cq/current/wcm/default_components.html#Carousel">
<!-- Dialog body, nested as: container / tabs / fixed-columns layout / column / RTE field. -->
<content
jcr:primaryType="nt:unstructured"
sling:resourceType="granite/ui/components/coral/foundation/container"
class="dialog_width">
<items jcr:primaryType="nt:unstructured">
<tabs
jcr:primaryType="nt:unstructured"
sling:resourceType="granite/ui/components/coral/foundation/tabs"
maximized="{Boolean}true">
<items jcr:primaryType="nt:unstructured">
<text
jcr:primaryType="nt:unstructured"
jcr:title="Text"
sling:resourceType="granite/ui/components/coral/foundation/fixedcolumns">
<items jcr:primaryType="nt:unstructured">
<column
jcr:primaryType="nt:unstructured"
sling:resourceType="granite/ui/components/coral/foundation/container">
<items jcr:primaryType="nt:unstructured">
<!-- The RTE field. Nothing in this node configures link or href validation. -->
<!-- NOTE(review): the log quoted with this dialog shows the AntiSamy warning raised by org.apache.sling.xss during a GET of the rendered paragraph, which suggests the href is dropped by the XSS filter at render time rather than by this dialog; confirm against the stored ./text value. -->
<text
jcr:primaryType="nt:unstructured"
sling:resourceType="cq/gui/components/authoring/dialog/richtext"
fieldLabel="Enter Text"
name="./text"
useFixedInlineToolbar="{Boolean}true">
<!-- Plugin switches: features="*" turns on every feature of the named plugin. -->
<rtePlugins jcr:primaryType="nt:unstructured">
<format
jcr:primaryType="nt:unstructured"
features="*"/>
<justify
jcr:primaryType="nt:unstructured"
features="*"/>
<lists
jcr:primaryType="nt:unstructured"
features="*"/>
<!-- links: link and anchor editing; the href values authors type here are what the XSS policy later has to accept. -->
<links
jcr:primaryType="nt:unstructured"
features="*"/>
<subsuperscript
jcr:primaryType="nt:unstructured"
features="*"/>
<!-- paraformat: block formats offered in the paragraph-format pulldown (p, h1 to h4). -->
<!-- NOTE(review): the entries under formats are typed cq:WidgetCollection themselves; nt:unstructured is the more usual type for such entries, confirm this is intended. -->
<paraformat
jcr:primaryType="nt:unstructured"
features="*">
<formats jcr:primaryType="cq:WidgetCollection">
<paragraph
jcr:primaryType="cq:WidgetCollection"
description="Paragraph"
tag="p"/>
<heading1
jcr:primaryType="cq:WidgetCollection"
description="Heading 1"
tag="h1"/>
<heading2
jcr:primaryType="cq:WidgetCollection"
description="Heading 2"
tag="h2"/>
<heading3
jcr:primaryType="cq:WidgetCollection"
description="Heading 3"
tag="h3"/>
<heading4
jcr:primaryType="cq:WidgetCollection"
description="Heading 4"
tag="h4"/>
</formats>
</paraformat>
<!-- styles: one custom style that applies the CSS classes "fa fa-map-marker". -->
<styles
jcr:primaryType="nt:unstructured"
features="*">
<styles jcr:primaryType="cq:WidgetCollection">
<fa-map-marker
jcr:primaryType="nt:unstructured"
cssName="fa fa-map-marker"
text="Font Awesome Map Marker"/>
</styles>
</styles>
<edit
jcr:primaryType="nt:unstructured"
features="*"/>
<findreplace
jcr:primaryType="nt:unstructured"
features="*"/>
<undo
jcr:primaryType="nt:unstructured"
features="*"/>
<spellcheck
jcr:primaryType="nt:unstructured"
features="*"/>
<table
jcr:primaryType="nt:unstructured"
features="*"/>
<!-- misctools with features="*" includes source editing (the toolbar below exposes misctools#sourceedit), so authors can type raw HTML into the field. -->
<!-- NOTE(review): confirm authors need source editing; with it enabled, output-time XSS filtering is the control that stands between author-supplied markup and the page, which is a reason to keep any policy change narrow. -->
<misctools
jcr:primaryType="nt:unstructured"
features="*"/>
</rtePlugins>
<!-- Toolbar layout: "inline" lists the buttons of the field's toolbar, "tableEditOptions" the buttons offered while a table is being edited. -->
<uiSettings jcr:primaryType="nt:unstructured">
<cui jcr:primaryType="nt:unstructured">
<inline
jcr:primaryType="nt:unstructured"
toolbar="[#format,-,#justify,-,#lists,-,links#modifylink,links#unlink,links#anchor,-,subsuperscript#superscript,subsuperscript#subscript,-,#paraformat,#styles,-,edit#cut,edit#copy,edit#paste-plaintext,edit#paste-default,edit#paste-wordhtml,-,undo#undo,undo#redo,-,findreplace#find,findreplace#replace,-,spellcheck#checktext,-,misctools#sourceedit,-,table#createoredit]">
<!-- Popover menus: each ref matches a "#name" entry in the toolbar list above. -->
<popovers jcr:primaryType="nt:unstructured">
<format
jcr:primaryType="nt:unstructured"
items="[format#bold,format#italic,format#underline]"
ref="format"/>
<justify
jcr:primaryType="nt:unstructured"
items="[justify#justifyleft,justify#justifycenter,justify#justifyright]"
ref="justify"/>
<lists
jcr:primaryType="nt:unstructured"
items="[lists#unordered,lists#ordered,lists#outdent,lists#indent]"
ref="lists"/>
<paraformat
jcr:primaryType="nt:unstructured"
items="paraformat:getFormats:paraformat-pulldown"
ref="paraformat"/>
<styles
jcr:primaryType="nt:unstructured"
items="styles:getStyles:styles-pulldown"
ref="styles"/>
</popovers>
</inline>
<tableEditOptions
jcr:primaryType="nt:unstructured"
toolbar="[table#insertcolumn-before,table#insertcolumn-after,table#removecolumn,-,table#insertrow-before,table#insertrow-after,table#removerow,-, table#mergecells-right,table#mergecells-down,table#mergecells,table#splitcell-horizontal,table#splitcell-vertical,-,table#selectrow, table#selectcolumn,-,table#ensureparagraph,-,table#modifytableandcell,table#removetable,-,undo#undo,undo#redo,-,table#exitTableEditing]"/>
</cui>
</uiSettings>
</text>
</items>
</column>
</items>
</text>
</items>
</tabs>
</items>
</content>
</jcr:root>
Can you package up a component in an AEM package and include a README? Put this on Google Drive and post back here. That way the community can test your package.
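A value like that as an href doesn't make sense to me, but the log message says the XSS filter can't accept the value, so you need to adjust the AntiSamy configuration. Keep the change as narrow as you can: extend only the pattern that href values are checked against so that this URL shape passes, rather than relaxing or switching off the filter.
See (1) for how to adjust the config to your requirement.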
Here is the drive link for the package