SVG Tag - not getting saved in Rich Text

Level 2

Hi,

We are developing a plug-in for Rich Text Editor (RTE) Component.

The plug-in will insert a <svg> tag (to display images for bullet points).

The issue is that, when we close the plug-in after entering necessary content, the <svg> tag is present in RTE, but on final closure of the RTE, the <svg> tag gets removed.

Is there a way to enable it for RTE, so that RTE does not remove it?

Platform - AEM 6.3 (so TouchUI)

Thanks in advance.

Regards,

Jagan K

18 Replies

Level 1

Hi,

We have the same question as it's come up in the current project.

The svg HTML looks something like the following in the RTE as it is entered:

    <div class="xxx">
      <svg class="icon" focusable="false">
        <use href="images/svg/sprite.symbol.svg#icons--icon_check_circle" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="images/svg/sprite.symbol.svg#icons--icon_check_circle"></use>
      </svg> TEXT HERE
    </div>

AEM 6.3 SP1 Touch UI. Has there been any update or response? Thanks.

Level 1

Is there an update on this? We are trying to resolve this issue with RTE.

Employee

Do you see any AntiSamy warning in the logs once you try to save the RTE dialog? Can you share the log trace here?

Level 1

11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.

Level 3

Any updates on this? Our group is looking to utilize this exact capability, and running into the same issue.

Level 2

Any updates on this? I have the same issue.

Level 6

Hi, you can try the below.

As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the below file under /apps and make the necessary changes.

Whenever we add custom attributes/properties in the RTE, the custom attributes get removed while submitting the dialog. For this I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change it there directly. You can copy and paste it inside the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the below snapshot for reference.

[Image: kchaurasiya_0-1623411432182.png]

I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward this is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.

Thank you. Good day!

Level 2

Thank you very much, it worked! BTW, we're on AEM 6.5 but still having this issue for svg and use tags.

Level 6

Ok then you can add the same xssprotection config file in AEM 6.5 also and hope it will work. Thanks.

Community Advisor

Hi @rafcap ,

I tried the above solution but it is not working for me. Could you please share in detail how you implemented the above solution?

Thank you.

Level 2

Hi @MayurSatav ,

First you need to copy the file under /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml to be able to modify it.

Next, anywhere in the file, you will write the tags and attributes you need to accept.

For example, this is how you can accept svg tags:

    <tag name="svg" action="validate"></tag>
    <tag name="use" action="validate">
      <attribute name="xlink:href">
        <regexp-list>
          <regexp name="regExpName"/>
        </regexp-list>
      </attribute>
    </tag>

You can also write your own regexp with a custom name.
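
Added example, not part of the reply above and not Adobe's own configuration: a sketch of the same overlay in AntiSamy policy syntax with the `use` reference limited to same-site sprite paths instead of an open-ended pattern. The regexp name `svgSpriteRef` and its pattern are assumptions, modelled on the sprite path quoted earlier in the thread.

```xml
<!-- Added example. Merge the two inner sections into the matching sections
     of the copied /apps/cq/xssprotection/config.xml; leave the rest as is. -->
<anti-samy-rules>

  <common-regexps>
    <!-- Hypothetical name and pattern. Accepts only "#id" or a relative or
         site-absolute "path/file.svg#id". A value with a scheme, a leading
         "//host", or a "../" segment does not match and is filtered. -->
    <regexp name="svgSpriteRef"
            value="^(/?([A-Za-z0-9_\-]+/)*[A-Za-z0-9_.\-]+\.svg)?#[A-Za-z0-9_\-]+$"/>
  </common-regexps>

  <tag-rules>
    <!-- class on svg is assumed to be covered by the file's existing global
         attribute rules; add an explicit rule here if it gets stripped. -->
    <tag name="svg" action="validate">
      <attribute name="focusable">
        <literal-list>
          <literal value="true"/>
          <literal value="false"/>
        </literal-list>
      </attribute>
    </tag>

    <!-- Both spellings of the reference get the same restricted pattern,
         since the markup in the thread sets href and xlink:href together. -->
    <tag name="use" action="validate">
      <attribute name="xlink:href">
        <regexp-list><regexp name="svgSpriteRef"/></regexp-list>
      </attribute>
      <attribute name="href">
        <regexp-list><regexp name="svgSpriteRef"/></regexp-list>
      </attribute>
    </tag>
  </tag-rules>

</anti-samy-rules>
```

Tags without a rule of their own, such as the `defs` and `g` elements named in the AntiSamy warnings logged earlier in the thread, are still filtered with this overlay.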

Level 6

Hi JaganK,

As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the below file under /apps and make the necessary changes.

Whenever we add custom attributes/properties in the RTE, the custom attributes get removed once the dialog is submitted. For this I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml) but do not change it there directly. You can copy and paste it inside the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the below snapshot for reference.

[Image: kchaurasiya_0-1623411432182.png]

I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward this is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.

Thank you. Good day!