Expand my Community achievements bar.

SOLVED

Why do we use RTEFilterServletFactory in core components?

Avatar

Level 3
Level 3
2/18/20 12:26:00 PM

I see https://github.com/adobe/aem-core-wcm-components/blob/master/config/src/content/jcr_root/apps/core/w... in used in core components but not sure why this is used. Can someone please confirm?

 

Views

2.5K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
2/18/20 4:37:02 PM

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

View solution in original post

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee
Employee
2/18/20 4:37:02 PM

Hi,

This configuration makes sure RTE editor content gets filtered to avoid XSS attacks.

 

This feature is pending official addition to the Adobe docs:

  • com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).
  • This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendment
    Here's an example of such configuration amendment:
    com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundation
    resource.types=[
    "wcm/foundation/components/text",
    "wcm/foundation/components/textimage"]

 

For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_...

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply