RTE Plugin modifying HTML || Removing JS functions like onClick=""

Accepted Solutions (1)

Accepted Solutions (1)




You'd need to overlay either or both based on how you've coded-

  1. /libs/cq/xssprotection/config.xml
  2. /libs/sling/xss/config.xml

Refer Re: links to ppt not working on OOB text component  for detailed configurations. Allow those specific characters that are printed in the logs -





Answers (4)

Answers (4)



Yes I am getting AntiSamy in logs

**** GET / org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The onclick attribute had a value of "openTab(event, 'All')". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.*****