Expand my Community achievements bar.

Adobe Summit is live! Tune in to take part in the premier digital experience event.
Join now
SOLVED

Why do we use RTEFilterServletFactory in core components?

Avatar

Level 3
Level 3
2/18/20 12:26:00 PM

I see https://github.com/adobe/aem-core-wcm-components/blob/master/config/src/content/jcr_root/apps/core/w... in used in core components but not sure why this is used. Can someone please confirm?

 

Views

2.7K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
2/18/20 4:37:02 PM

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

View solution in original post

Views

2.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee
Employee
2/18/20 4:37:02 PM

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

Views

2.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Unable to store rich-text content in a custom property name Solved

Views

93

Likes

0

Replies

4
Querybuilder Query to list pages with no specific node and is in published state

Views

2

Likes

0

Replies

0
How to authenticate aem user in custom login form?

Views

43

Likes

0

Replies

1
Dynamic Media - Implementation in a Custom component

Views

50

Likes

0

Replies

0
Storybook API how to render HTML in my AEM component

Views

33

Likes

0

Replies

0