Highlighted

Script issue with RTE

Avatar

Avatar

Syeda_Yasmeen_B

Avatar

Syeda_Yasmeen_B

Syeda_Yasmeen_B

04-04-2018

In AEM 6.3 script tag is not getting saved when configured via RTE.

Below are the observations we noticed

1.If we tried giving <script></script> in source edit and come back to normal view within dialog before closing, script is removed,

this is fixed by doing changes in whitespaceprocessor.js by removing script

2. On click of dialog save, values are not getting retained in jcr:content node. script tag is getting removed.

And also src attribute for img tag is getting removed for few url's

below are the steps which helps us to solve few issues

1.We overlayed /apps/cq/xssprotection/config.xml which solves issue by adding required url.

2. This works only for few scenarios and fails if we are trying to use below img src tag

<img class='avia_image ' src='https://s3.amazonaws.com/cision-wp-files/us/wp-content/uploads/2018/03/12155415/marketing_content_2....' alt='' title='marketing_content_2' itemprop="contentURL"  />

Help is Appreciated !!

Thanks

Replies

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

04-04-2018

I am not following what you are trying to do. Are you following Adobe documentation when modifying the RTE like this., Can you ponit the community to the doc so this can be reproduced.

Highlighted

Avatar

Avatar

Syeda_Yasmeen_B

Avatar

Syeda_Yasmeen_B

Syeda_Yasmeen_B

04-04-2018

We are using the standard OOTB component and just trying to add an HTML which contains a script tag , On saving the Dialog, the script tag and entire content within the script is getting stripped of , leaving only with HTML.

Does this answer to your query?

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

04-04-2018

I am concerned when you say you have to modify whitespaceprocessor.js. As far as i know - there are no AEM instructions prompting you to modify this JS file.

If there are - can you point me there.

Highlighted

Avatar

Avatar

Syeda_Yasmeen_B

Avatar

Syeda_Yasmeen_B

Syeda_Yasmeen_B

04-04-2018

Hi Scott,

Thanks for you reply,

I had modified the whitespaceprocessor.js by referring to the solution given in below thread.

Is it possible to add javascript in rte? If yes, then how?

Even after trying the above solution the issue still exists.

Let us know what needs to be done further.

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

04-04-2018

Our touch UI expert said this article is applicable to your use case: http://experience-aem.blogspot.com/2015/05/aem-6-sp2-handling-custom-protocol-in-link-href-in-rte.ht...

Highlighted

Avatar

Avatar

kautuk_sahni

Community Manager

Total Posts

5.6K

Likes

961

Correct Answer

1.1K

Avatar

kautuk_sahni

Community Manager

Total Posts

5.6K

Likes

961

Correct Answer

1.1K
kautuk_sahni
Community Manager

06-04-2018

Similar thread:-

Highlighted

Avatar

Avatar

Pablo_Larrosa-R

Avatar

Pablo_Larrosa-R

Pablo_Larrosa-R

13-08-2018

hi Syeda ,

You were able to solve this ??

I'm running into the same issue that the RTE is removing the src attribute from the <img> tag

Highlighted

Avatar

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831

Avatar

Arun_Patidar

MVP

Total Posts

2.9K

Likes

1.0K

Correct Answer

831
Arun_Patidar
MVP

14-08-2018

Hi,

You can check /libs/cq/xssprotection/config.xml for img tag valid rules.

Thanks
Arun

Highlighted

Avatar

Avatar

Pablo_Larrosa-R

Avatar

Pablo_Larrosa-R

Pablo_Larrosa-R

14-08-2018

Thanks Arun,

For the img tag inside the RTE wasn't a missing configuration inside the /libs/cq/xssprotection/config.xml

It was the /libs/clientlibs/granite/richtext/core/js/HtmlSerializer.js the one stripping out the src attribute from the img tag.