In AEM 6.3 script tag is not getting saved when configured via RTE.
Below are the observations we noticed
1.If we tried giving <script></script> in source edit and come back to normal view within dialog before closing, script is removed,
this is fixed by doing changes in whitespaceprocessor.js by removing script
2. On click of dialog save, values are not getting retained in jcr:content node. script tag is getting removed.
And also src attribute for img tag is getting removed for few url's
below are the steps which helps us to solve few issues
1.We overlayed /apps/cq/xssprotection/config.xml which solves issue by adding required url.
2. This works only for few scenarios and fails if we are trying to use below img src tag
<img class='avia_image ' src='https://s3.amazonaws.com/cision-wp-files/us/wp-content/uploads/2018/03/12155415/marketing_content_2....' alt='' title='marketing_content_2' itemprop="contentURL" />
Help is Appreciated !!
We are using the standard OOTB component and just trying to add an HTML which contains a script tag , On saving the Dialog, the script tag and entire content within the script is getting stripped of , leaving only with HTML.
Does this answer to your query?
Thanks for you reply,
I had modified the whitespaceprocessor.js by referring to the solution given in below thread.
Even after trying the above solution the issue still exists.
Let us know what needs to be done further.
For the img tag inside the RTE wasn't a missing configuration inside the /libs/cq/xssprotection/config.xml
It was the /libs/clientlibs/granite/richtext/core/js/HtmlSerializer.js the one stripping out the src attribute from the img tag.