SVG Tag - not getting saved in Rich Text

JaganK
Level 2

Hi,

We are developing a plug-in for Rich Text Editor (RTE) Component.

The plug-in will insert a <svg> tag (to display images for bullet points).

The issue is that, when we close the plug-in after entering necessary content, the <svg> tag is present in RTE, but on final closure of the RTE, the <svg> tag gets removed.

Is there a way to enable it for RTE, so that RTE does not remove it?

Platform - AEM 6.3 (so TouchUI)

Thanks in advance.

Regards,

Jagan K

18 Replies
smacdonald2008
Level 10

We will check with our Touch UI experts

joanneh66541898
Level 1

Hi,

We have the same question as it's come up in the current project.

The svg HTML looks something like the following in the RTE as it is entered:

<div class="xxx">
  <svg class="icon" focusable="false">
    <use href="images/svg/sprite.symbol.svg#icons--icon_check_circle" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="images/svg/sprite.symbol.svg#icons--icon_check_circle"></use>
  </svg> TEXT HERE
</div>

AEM 6.3 SP1 Touch UI. Has there been any update or response? Thanks.

udaybpatel
Level 1

Is there an update on this? We are trying to resolve this issue with RTE.


Kunwar
Employee

Do you see any AntiSamy warning in the logs once you try to save the RTE dialog? Can you share the log trace here?

udaybpatel
Level 1

11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The svg tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The defs tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.
11.04.2020 13:37:28.215 *INFO* [0:0:0:0:0:0:0:1 [1586637448208] GET /content/teaser.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The g tag has been filtered for security reasons. The contents of the tag will remain in place.

robinsonm
Level 3

Any updates on this? Our group is looking to utilize this exact capability, and running into the same issue.

kchaurasiya
Level 6

Hi, you can try the below.

As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the file below under /apps and make the necessary changes.

Whenever we add custom attributes/properties in the RTE, the custom attributes get removed while submitting the dialog. For this, I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml), but do not change it there directly. You can copy and paste it under the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the snapshot below for reference.

kchaurasiya_0-1623411432182.png

I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward it is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.

Thank you. Good day!

rafcap
Level 2

Thank you very much, it worked! By the way, we're on AEM 6.5 but still having this issue for svg and use tags.

kchaurasiya
Level 6

OK, then you can add the same xssprotection config file in AEM 6.5 as well, and hopefully it will work. Thanks.

mayur_satav
Level 3

Hi @rafcap,

I tried the above solution but it is not working for me. Could you please share in detail how you implemented the above solution?

Thank you.

rafcap
Level 2

Hi @mayur_satav,

First you need to copy the file under /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml to be able to modify it.

Next, anywhere in the file, you will write the tags and attributes you need to accept.

For example, this is how you can accept svg tags:

<tag name="svg" action="validate"></tag>
<tag name="use" action="validate">
  <attribute name="xlink:href">
    <regexp-list>
      <regexp name="regExpName"/>
    </regexp-list>
  </attribute>
</tag>

You can also write your own regexp with a custom name.

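An added example, not part of the thread or of AEM's shipped configuration: the overlay steps above end with `<regexp name="regExpName"/>`, and whatever that name resolves to decides which `xlink:href` values survive filtering. This Python check audits a constructed AntiSamy-style policy fragment for URI attributes whose pattern is undefined or loose enough to accept scheme or host references; the names `anything`, `spriteRef`, `SPRITE_REF`, `PROBES` and `audit` are assumptions, and Python's `re` stands in for the Java regex engine.

```python
import re
import xml.etree.ElementTree as ET

# Assumed tight pattern: relative or root-relative .svg sprite plus fragment, no scheme or host.
SPRITE_REF = r"/?[A-Za-z0-9_][A-Za-z0-9_./-]*\.svg#[A-Za-z0-9_-]+"

# Constructed overlay fragment in AntiSamy policy layout (not the shipped AEM file).
POLICY = f"""<anti-samy-rules>
  <common-regexps>
    <regexp name="anything" value=".*"/>
    <regexp name="spriteRef" value="{SPRITE_REF}"/>
  </common-regexps>
  <tag-rules>
    <tag name="svg" action="validate"/>
    <tag name="use" action="validate">
      <attribute name="xlink:href"><regexp-list><regexp name="anything"/></regexp-list></attribute>
      <attribute name="href"><regexp-list><regexp name="spriteRef"/></regexp-list></attribute>
    </tag>
  </tag-rules>
</anti-samy-rules>"""

# Constructed probe values that a sprite reference should never need to match.
PROBES = ["javascript:void(0)", "data:image/svg+xml;base64,AAAA", "//other.example/s.svg#i"]
URI_ATTRS = {"href", "xlink:href", "src"}

def audit(policy_xml):
    """Return (tag, attribute, problem) for URI attributes with loose or undefined regexps."""
    root = ET.fromstring(policy_xml)
    named = {r.get("name"): r.get("value") for r in root.iterfind("common-regexps/regexp")}
    findings = []
    for tag in root.iterfind("tag-rules/tag"):
        for attr in tag.iterfind("attribute"):
            if attr.get("name") not in URI_ATTRS:
                continue
            for rx in attr.iterfind("regexp-list/regexp"):
                pattern = rx.get("value") or named.get(rx.get("name"))
                if pattern is None:
                    findings.append((tag.get("name"), attr.get("name"), "undefined regexp name"))
                    continue
                # Whole-value matching is assumed; Python's re stands in for Java regex here.
                hits = [p for p in PROBES if re.fullmatch(pattern, p)]
                if hits:
                    findings.append((tag.get("name"), attr.get("name"), hits))
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
```
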
kchaurasiya
Level 6

Hi JaganK,

As long as you are using OOTB APIs, the code will be XSS protected. If you are using anything custom, you can overlay the file below under /apps and make the necessary changes.

Whenever we add custom attributes/properties in the RTE, the custom attributes get removed once the dialog is submitted. For this, I think we have to make an entry inside the xssprotection config file. You can navigate to the OOTB xssprotection config file path (http://localhost:4502/crx/de/index.jsp#/libs/cq/xssprotection/config.xml), but do not change it there directly. You can copy and paste it under the "/apps/cq" path and try to add whichever custom attributes are getting removed while submitting the dialog. Just see the attribute entry in the snapshot below for reference.

kchaurasiya_0-1623411432182.png

I think we usually face this issue in AEM versions 6.3 and 6.4, and going forward it is resolved in AEM 6.5, as there is no need to make an entry in the xssprotection file. Please try this and let me know.

Thank you. Good day!