RTE Plugin modifying HTML || Removing JS functions like onClick=""

Accepted Solutions (1)

Gaurav-Behl

MVP

21-02-2019

You'd need to overlay either or both, based on how you've coded:

  1. /libs/cq/xssprotection/config.xml
  2. /libs/sling/xss/config.xml

Refer to "Re: links to ppt not working on OOB text component" for detailed configurations. Allow those specific characters that are printed in the logs: ( , ' )

Answers (4)

sagarv13144480

20-02-2019

Yes, I am getting AntiSamy in logs:

**** GET / org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The onclick attribute had a value of "openTab(event, 'All')". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.*****
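
Added example, not from the thread or from AEM: a Python script that reads AntiSamy warnings in the format quoted above and lists, per tag and attribute, the values the filter removed and the special characters they contain, so an overlay of the XSS config can be scoped to exactly those. The sample lines are constructed, and the entity-encoded variant is an assumption about how a value may appear in a log.

```python
import html
import re
from collections import defaultdict

# Matches the AntiSamy "attribute could not be processed" warning quoted in the post above.
WARNING = re.compile(
    r'The (?P<tag>[\w:-]+) tag contained an attribute that we could not process\. '
    r'The (?P<attr>[\w:-]+) attribute had a value of "(?P<value>.*?)"\. '
    r'This value could not be accepted'
)

def stripped_attributes(lines):
    """Map (tag, attribute) -> set of distinct values the filter removed."""
    found = defaultdict(set)
    for line in lines:
        for m in WARNING.finditer(line):
            # Assumption: a log may show the value entity-encoded; decode it.
            found[(m["tag"], m["attr"])].add(html.unescape(m["value"]))
    return dict(found)

def special_chars(values):
    """Non-alphanumeric, non-space characters that occur in the removed values."""
    return sorted({c for v in values for c in v if not (c.isalnum() or c.isspace())})

def report(lines):
    """One row per (tag, attribute): removed values and their special characters."""
    return [
        {"tag": tag, "attr": attr, "values": sorted(vals), "chars": special_chars(vals)}
        for (tag, attr), vals in sorted(stripped_attributes(lines).items())
    ]

# Constructed sample lines: the warning text from the post, the same warning
# with an entity-encoded value, and one unrelated line.
TEMPLATE = ('*** GET / org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy '
            'warning: The a tag contained an attribute that we could not process. '
            'The onclick attribute had a value of "{}". This value could not be '
            'accepted for security reasons.')
SAMPLE_LOG = [
    TEMPLATE.format("openTab(event, 'All')"),
    TEMPLATE.format("openTab&#40;event, &#39;News&#39;&#41;"),
    "GET /content/page.html HTTP/1.1 200",
]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Every row is an attribute the filter currently strips; reviewing the distinct values first shows whether a narrow pattern covers them before any characters are allowed in the overlay.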