Adobe Experience Manager Sites & More

andyshreve · 5/23/17

If I had an overlay of of the AntiSamy config file at /apps/cq/xssprotection/config.xml, could I adjust it to allow random data attributes specified by authors? I see it uses regular expressions to validate attribute values, but can I use a regular expression to validate an attribute name? For example, say an author wanted a div to have a data attribute with a name that ended in random letters like:

<div data-author-xbqmuwzkcsa="somevalue"></div>

Is there a way to allow random attribute names like that in the AntiSamy config?

andyshreve · 5/24/17

This topic was raised in an internal discussion at my company where there is a desire to use HTML5 "data-" attributes without having to wire each one into the AntiSamy config.xml. This use case was once publicly discussed in a non-AEM project at https://jira.sakaiproject.org/browse/KNL-1007 . I was just wondering if this is currently possible with AEM AntiSamy.

View solution in original post

smacdonald2008 · 5/24/17

Are you following an online doc topic for this. Can you point the community to your source of information for this use case.

Dana__Anthony · 5/24/17

https://helpx.adobe.com/experience-manager/kb/target-attribut-issue-tag.html

https://docs.adobe.com/docs/en/aem/6-2/develop/security.html

There's not a tremendous amount of documentation and the antisamy project hasn't been developed since 2013.

andyshreve · 5/24/17

This topic was raised in an internal discussion at my company where there is a desire to use HTML5 "data-" attributes without having to wire each one into the AntiSamy config.xml. This use case was once publicly discussed in a non-AEM project at https://jira.sakaiproject.org/browse/KNL-1007 . I was just wondering if this is currently possible with AEM AntiSamy.

Adobe Experience Manager Sites & More

XSS AntiSamy configuration for data attributes

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe