OOTB I could see below config as mentioned in .
In case you do not require to validate this attribute you can remove it from attribute list or create regex expression that allows everything.
Hence you can adapt this configuration as per your need by overlaying it taking into account security concerns at your end. Please refer . The default AntiSamy configuration can be found at /libs/cq/xssprotection/config.xml