XSS AntiSamy configuration for data attributes | Community
Level 3
May 23, 2017
Solved

XSS AntiSamy configuration for data attributes


If I had an overlay of the AntiSamy config file at /apps/cq/xssprotection/config.xml, could I adjust it to allow random data attributes specified by authors? I see it uses regular expressions to validate attribute values, but can I use a regular expression to validate an attribute name? For example, say an author wanted a div to have a data attribute with a name that ended in random letters like:

<div data-author-xbqmuwzkcsa="somevalue"></div>

Is there a way to allow random attribute names like that in the AntiSamy config? 


3 replies

smacdonald2008
Level 10
May 24, 2017

Are you following an online doc topic for this? Can you point the community to your source of information for this use case?

Dana__Anthony
Level 2
May 24, 2017

https://helpx.adobe.com/experience-manager/kb/target-attribut-issue-tag.html

https://docs.adobe.com/docs/en/aem/6-2/develop/security.html

There's not a tremendous amount of documentation and the AntiSamy project hasn't been developed since 2013.

AndySh4 (Author, Accepted solution)
Level 3
May 24, 2017

This topic was raised in an internal discussion at my company where there is a desire to use HTML5 "data-" attributes without having to wire each one into the AntiSamy config.xml. This use case was once publicly discussed in a non-AEM project at https://jira.sakaiproject.org/browse/KNL-1007 . I was just wondering if this is currently possible with AEM AntiSamy.
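
Added example, not part of the thread and not AntiSamy or AEM code: a stand-alone Python sketch of what allowlisting attributes by name pattern involves, using the `data-author-` prefix from the question. The tag list, patterns, length limits and function names are assumptions made for the illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch (not AntiSamy syntax).
ALLOWED_TAGS = {"div", "span", "p"}
FIXED_ATTRS = {"class": re.compile(r"[A-Za-z0-9 _-]{1,64}")}   # matched by exact name
NAME_RE = re.compile(r"data-author-[a-z]{1,32}")               # matched by name pattern
VALUE_RE = re.compile(r"[A-Za-z0-9 _.,-]{0,128}")              # value check for pattern matches
SAMPLE = '<div data-author-xbqmuwzkcsa="somevalue" onclick="x()" data-other="1">text</div>'  # constructed


def attr_allowed(name, value):
    """Exact-name lookup first, then the name pattern; the value is checked either way."""
    value = value or ""
    if name in FIXED_ATTRS:
        return FIXED_ATTRS[name].fullmatch(value) is not None
    # fullmatch anchors both ends, so a prefix match alone is never enough.
    return bool(NAME_RE.fullmatch(name)) and bool(VALUE_RE.fullmatch(value))


class DataAttrFilter(HTMLParser):
    """Re-serialises allowed tags, keeping only attributes that pass attr_allowed."""

    def __init__(self):
        super().__init__()
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:            # the parser lowercases names
            if attr_allowed(name, value):
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
            else:
                self.dropped.append(name)     # record what was refused, for logging
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(markup):
    """Return (filtered markup, list of attribute names that were dropped)."""
    f = DataAttrFilter()
    f.feed(markup)
    f.close()
    return "".join(f.out), f.dropped
```

The point to carry over to any policy engine is that a name pattern widens the allowlist to an open set, so it needs both anchors and a value rule of its own.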