Hi,
We are developing a plug-in for Rich Text Editor (RTE) Component.
The plug-in will insert a <svg> tag (to display images for bullet points).
The issue is that, when we close the plug-in after entering necessary content, the <svg> tag is present in RTE, but on final closure of the RTE, the <svg> tag gets removed.
Is there a way to enable it for RTE, so that RTE does not remove it?
Platform - AEM 6.3 (so TouchUI)
Thanks in advance.
Regards,
Jagan K
We will check with our Touch UI experts
Hi,
We have the same question as it's come up in the current project.
The svg HTML looks something like the following in the RTE as it is entered:
<div class="xxx">
<svg class="icon" focusable="false">
<use href="images/svg/sprite.symbol.svg#icons--icon_check_circle" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="images/svg/sprite.symbol.svg#icons--icon_check_circle"></use>
</svg> TEXT HERE
</div>
AEM 6.3 SP1 Touch UI. Has there been any update or response? Thanks.
smacdonald2008 Is there an update on this issue? Thank you.
Is there an update on this? We are trying to resolve this issue with RTE
Hi, you can try the below.
As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the file below under /apps and make the necessary changes.
Whenever we add custom attributes/properties in the RTE, the custom attributes get removed while submitting the dialog. For this I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml), but do not change it there directly. You can copy and paste it inside the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the snapshot below for reference.
I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward this is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.
Thank You. Good day..!!
Do you see any AntiSamy warning in the logs once you try to save the RTE dialog? Can you share the log trace here?
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
Any updates on this? Our group is looking to utilize this exact capability, and running into the same issue.
any updates on this? I have the same issue
thank you very much, it worked! btw we're on aem 6.5 but still having this issue for svg and use tags
Ok then you can add the same xssprotection config file in AEM 6.5 also and hope it will work. Thanks.
yes, it's working on AEM 6.5 too
That's Cool..
Hi @MayurSatav ,
first you need to copy the file under /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml to be able to modify it.
Next, anywhere in the file, you will write the tags and attributes you need to accept:
for example this is how you can accept svg tags
<tag name="svg" action="validate"></tag>
<tag name="use" action="validate">
    <!-- you can also write your own regexp with a custom name -->
    <attribute name="xlink:href">
        <regexp-list>
            <regexp name="regExpName"/>
        </regexp-list>
    </attribute>
</tag>
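Added example, not part of any post in this thread: a Python check that lists which tags the AntiSamy warnings report as filtered and tests a candidate allow-pattern for `xlink:href` before it is referenced from the overlaid config.xml. The pattern, function names and sample values are assumptions constructed for illustration; the pattern uses only syntax shared by Python and Java regex and is applied here to the whole attribute value.

```python
import re

# Constructed log excerpt in the shape of the AntiSamy warnings quoted in the thread.
SAMPLE_LOG = """\
11.04.2020 13:37:28.215 *INFO* [GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
"""

WARNING = re.compile(
    r"AntiSamy warning: The (\S+) tag has been filtered for security reasons"
)

def filtered_tags(log_text):
    """Tag names reported as filtered, in first-seen order, without repeats."""
    seen = []
    for match in WARNING.finditer(log_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen

# Hypothetical allow-pattern: a relative path to an .svg sprite file followed by
# a fragment id. No scheme, no leading slash, no ".." segment can match.
SPRITE_HREF = re.compile(r"(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_.-]+\.svg#[A-Za-z0-9_-]+")

def href_allowed(value):
    """True only if the whole attribute value matches the sprite pattern."""
    return SPRITE_HREF.fullmatch(value) is not None

# Constructed test values: the sprite reference from the thread plus values
# the pattern has to reject.
SAMPLE_HREFS = [
    "images/svg/sprite.symbol.svg#icons--icon_check_circle",
    "javascript:alert(1)",
    "https://example.invalid/sprite.svg#icon",
    "//example.invalid/sprite.svg#icon",
    "../sprite.svg#icon",
]

def review(hrefs):
    """Map each candidate value to whether the pattern would accept it."""
    return {href: href_allowed(href) for href in hrefs}

if __name__ == "__main__":
    print("tags needing a rule:", filtered_tags(SAMPLE_LOG))
    for href, ok in review(SAMPLE_HREFS).items():
        print("ACCEPT" if ok else "REJECT", href)
```

Every tag the first function reports needs its own `<tag>` rule in the overlay, and a pattern that accepts any of the rejected values would let `use` pull in content from outside the site's own sprite file.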
Hi JaganK,
As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the file below under /apps and make the necessary changes.
Whenever we add custom attributes/properties in the RTE, the custom attributes get removed once the dialog is submitted. For this I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml), but do not change it there directly. You can copy and paste it inside the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the snapshot below for reference.
I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward this is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.
Thank You. Good day..!!