Why do we use RTEFilterServletFactory in core components?

Avatar

Avatar

manojd55574250

Avatar

manojd55574250

manojd55574250

18-02-2020

I see https://github.com/adobe/aem-core-wcm-components/blob/master/config/src/content/jcr_root/apps/core/w... in used in core components but not sure why this is used. Can someone please confirm?

 

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Andrew_Khoury

Employee

Avatar

Andrew_Khoury

Employee

Andrew_Khoury
Employee

18-02-2020

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

Answers (0)