Expand my Community achievements bar.

SVG Tag - no getting saved in Rich Text

Avatar

Level 2

Hi,

We are developing a plug-in for Rich Text Editor (RTE) Component.

The plug-in will insert a <svg> tag (to display images for bullet points).

The issue is that, when we close the plug-in after entering necessary content, the <svg> tag is present in RTE, but on final closure of the RTE, the <svg> tag gets removed.

Is there a way to enable it for RTE, so that RTE does not remove it?

Platform - AEM 6.3 (so TouchUI)

Thanks in advance.

Regards,

Jagan K

18 Replies

Avatar

Level 1

Hi,

We have the same question as it's come up in the current project.

The svg HTML looks something like the following in the RTE as it is entered:

<div class="xxx">

<svg class="icon" focusable="false">

<use href="images/svg/sprite.symbol.svg#icons--icon_check_circle" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="images/svg/sprite.symbol.svg#icons--icon_check_circle"></use>

</svg> TEXT HERE

</div>

AEM 6.3 SP1 Touch UI. Has there been any update or response? Thanks.

Avatar

Level 1

Is there an update on this? We are trying to resolve this issue with RTE 

Avatar

Level 6

Hi , You can try below.

As long as you are using OOTB API's , the code will be XSS protected.If you are using anything custom, you can overlay below file under /apps and make the necessary changes.

 

Whenever we add the custom Attributes/Property in rte it gets removed custom attributes while submitting the dialog. For this i think we have to make a entry inside the xssprotection config file. You can navigate to OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change inside this directly. You can copy and paste it inside the "/apps/cq" path and try to add the custom attributes whichever is getting removed while submitting the dialog. Just see the attribute entry in below snapshot for the reference.

kchaurasiya_0-1623411432182.png

 

I think this issue we usually face in AEM version 6.3 and 6.4. and going forward this is resolved in AEM 6.5 , As no need to make a entry in xssprotection file. Please try this and let me know.

Thank You. Good day..!!

Avatar

Employee

Do you see any antisamy warning the logs once you try to save the RTE dialog ? Can you share the log trace here ?

Avatar

Level 1

11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.

Avatar

Level 3

Any updates on this? Our group is looking to utilize this exact capability, and running into the same issue.

Avatar

Level 2

any updates on this? I have the same issue

Avatar

Level 6

Hi , You can try below.

As long as you are using OOTB API's , the code will be XSS protected.If you are using anything custom, you can overlay below file under /apps and make the necessary changes.

 

Whenever we add the custom Attributes/Property in rte it gets removed custom attributes while submitting the dialog. For this i think we have to make a entry inside the xssprotection config file. You can navigate to OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change inside this directly. You can copy and paste it inside the "/apps/cq" path and try to add the custom attributes whichever is getting removed while submitting the dialog. Just see the attribute entry in below snapshot for the reference.

kchaurasiya_0-1623411432182.png

 

I think this issue we usually face in AEM version 6.3 and 6.4. and going forward this is resolved in AEM 6.5 , As no need to make a entry in xssprotection file. Please try this and let me know.

Thank You. Good day..!!

Avatar

Level 2

thank you very much, it worked! btw we're on aem 6.5 but still having this issue for svg and use tags

Avatar

Level 6

Ok then you can add the same xssprotection config file in AEM 6.5 also and hope it will work. Thanks.

Avatar

Community Advisor

Hi @rafcap ,

 

I tried the above solution but not working for me, could you please share in detail how you implement above solution ?

 

Thank you.

Avatar

Level 2

Hi @MayurSatav ,

first you need to copy the file under /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml to be able to modify it.

 

Next, anywhere in the file, you will write the tags and attributes you need to accept:

for example this is how you can accept svg tags

<tag name="svg" action="validate"></tag>
<tag name="use" action="validate">
<attribute name="xlink:href"> <regexp-list> <regexp name="regExpName"/> </regexp-list> </attribute> </tag>
you can also write your own regexp with a custom name

Avatar

Level 6

Hi JaganK,

As long as you are using OOTB API's , the code will be XSS protected.If you are using anything custom, you can overlay below file under /apps and make the necessary changes.

 

Whenever we add the custom Attributes/Property in rte it gets removed custom attributes once dialog is submitted. For this i think we have to make a entry inside the xssprotection config file. You can navigate to OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change inside this directly. You can copy and paste it inside the "/apps/cq" path and try to add the custom attributes whichever is getting removed while submitting the dialog. Just see the attribute entry in below snapshot for the reference.

kchaurasiya_0-1623411432182.png

 

I think this issue we usually face in AEM version 6.3 and 6.4. and going forward this is resolved in AEM 6.5 , As no need to make a entry in xssprotection file. Please try this and let me know.

Thank You. Good day..!!