SVG Tag - no getting saved in Rich Text | Community
Skip to main content
J
JaganK
Level 2
January 25, 2018

SVG Tag - no getting saved in Rich Text

  • January 25, 2018
  • 5 replies
  • 10637 views

Hi,

We are developing a plug-in for Rich Text Editor (RTE) Component.

The plug-in will insert a <svg> tag (to display images for bullet points).

The issue is that, when we close the plug-in after entering necessary content, the <svg> tag is present in RTE, but on final closure of the RTE, the <svg> tag gets removed.

Is there a way to enable it for RTE, so that RTE does not remove it?

Platform - AEM 6.3 (so TouchUI)

Thanks in advance.

Regards,

Jagan K

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

    5 replies

    smacdonald2008
    smacdonald2008
    Level 10
    February 1, 2018

    We will check with our Touch UI experts

      J
      joanneh66541898
      March 14, 2018

      Hi,

      We have the same question as it's come up in the current project.

      The svg HTML looks something like the following in the RTE as it is entered:

      <div class="xxx">

      <svg class="icon" focusable="false">

      <use href="images/svg/sprite.symbol.svg#icons--icon_check_circle" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="images/svg/sprite.symbol.svg#icons--icon_check_circle"></use>

      </svg> TEXT HERE

      </div>

      AEM 6.3 SP1 Touch UI. Has there been any update or response? Thanks.

        K
        Adobe Employee
        KunwarsalujaAdobe Employee
        Adobe Employee
        March 21, 2018

        Do you see any antisamy warning the logs once you try to save the RTE dialog ? Can you share the log trace here ?

          udayinit88
          udayinit88
          April 11, 2020

          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
          11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.

            M
            mrobinson-1
            Level 3
            January 4, 2019

            Any updates on this? Our group is looking to utilize this exact capability, and running into the same issue.

              R
              rafcap
              Level 2
              June 11, 2021

              any updates on this? I have the same issue

                kchaurasiya
                kchaurasiya
                Level 5
                June 11, 2021

                Hi , You can try below.

                As long as you are using OOTB API's , the code will be XSS protected.If you are using anything custom, you can overlay below file under /apps and make the necessary changes.

                 

                Whenever we add the custom Attributes/Property in rte it gets removed custom attributes while submitting the dialog. For this i think we have to make a entry inside the xssprotection config file. You can navigate to OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change inside this directly. You can copy and paste it inside the "/apps/cq" path and try to add the custom attributes whichever is getting removed while submitting the dialog. Just see the attribute entry in below snapshot for the reference.

                 

                I think this issue we usually face in AEM version 6.3 and 6.4. and going forward this is resolved in AEM 6.5 , As no need to make a entry in xssprotection file. Please try this and let me know.

                Thank You. Good day..!!

                  R
                  rafcap
                  Level 2
                  June 11, 2021

                  thank you very much, it worked! btw we're on aem 6.5 but still having this issue for svg and use tags

                    kchaurasiya
                    kchaurasiya
                    Level 5
                    June 11, 2021

                    Hi JaganK,

                    As long as you are using OOTB API's , the code will be XSS protected.If you are using anything custom, you can overlay below file under /apps and make the necessary changes.

                     

                    Whenever we add the custom Attributes/Property in rte it gets removed custom attributes once dialog is submitted. For this i think we have to make a entry inside the xssprotection config file. You can navigate to OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change inside this directly. You can copy and paste it inside the "/apps/cq" path and try to add the custom attributes whichever is getting removed while submitting the dialog. Just see the attribute entry in below snapshot for the reference.

                     

                    I think this issue we usually face in AEM version 6.3 and 6.4. and going forward this is resolved in AEM 6.5 , As no need to make a entry in xssprotection file. Please try this and let me know.

                    Thank You. Good day..!!

                      Terms & ConditionsAccessibility statement

                      Loading footer...