Highlighted

Script issue with RTE

Syeda_Yasmeen_B

04-04-2018

In AEM 6.3 script tag is not getting saved when configured via RTE.

Below are the observations we noticed

1.If we tried giving <script></script> in source edit and come back to normal view within dialog before closing, script is removed,

this is fixed by doing changes in whitespaceprocessor.js by removing script

2. On click of dialog save, values are not getting retained in jcr:content node. script tag is getting removed.

And also src attribute for img tag is getting removed for few url's

below are the steps which helps us to solve few issues

1.We overlayed /apps/cq/xssprotection/config.xml which solves issue by adding required url.

2. This works only for few scenarios and fails if we are trying to use below img src tag

<img class='avia_image ' src='https://s3.amazonaws.com/cision-wp-files/us/wp-content/uploads/2018/03/12155415/marketing_content_2....' alt='' title='marketing_content_2' itemprop="contentURL"  />

Help is Appreciated !!

Thanks

Replies

Highlighted

smacdonald2008

04-04-2018

I am not following what you are trying to do. Are you following Adobe documentation when modifying the RTE like this., Can you ponit the community to the doc so this can be reproduced.

Highlighted

Syeda_Yasmeen_B

04-04-2018

We are using the standard OOTB component and just trying to add an HTML which contains a script tag , On saving the Dialog, the script tag and entire content within the script is getting stripped of , leaving only with HTML.

Does this answer to your query?

Highlighted

smacdonald2008

04-04-2018

I am concerned when you say you have to modify whitespaceprocessor.js. As far as i know - there are no AEM instructions prompting you to modify this JS file.

If there are - can you point me there.

Highlighted

Syeda_Yasmeen_B

04-04-2018

Hi Scott,

Thanks for you reply,

I had modified the whitespaceprocessor.js by referring to the solution given in below thread.

Is it possible to add javascript in rte? If yes, then how?

Even after trying the above solution the issue still exists.

Let us know what needs to be done further.

Highlighted

Pablo_Larrosa-R

13-08-2018

hi Syeda ,

You were able to solve this ??

I'm running into the same issue that the RTE is removing the src attribute from the <img> tag

Highlighted

Pablo_Larrosa-R

14-08-2018

Thanks Arun,

For the img tag inside the RTE wasn't a missing configuration inside the /libs/cq/xssprotection/config.xml

It was the /libs/clientlibs/granite/richtext/core/js/HtmlSerializer.js the one stripping out the src attribute from the img tag.