Accepted Solutions (1)

Accepted Solutions (1)

Andrew_Khoury
Employee
18-02-2020

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

Answers (0)