Xss config

Hi lisah,

Our team had done overlay in apps folder. However is it possible to make it as a content editable (means making as dialogs and saving it should update in xss config. Xml)

You need to overlay this file [1] under the /apps directory via CRXDE:

[1] /libs/cq/xssprotection/config.xml

See related doc here: Security

Instructions:

1. Go to http://{aemhost}/crx/de/index.jsp

2. Browse to /libs/cq/xssprotection/config.xml and right-click the file then select Copy

3. (Skip this step in 6.4 and later versions) Go to /apps and if it doesn't already exist, create the same folder structure usinig sling:Folder type /apps/cq/xssprotection.  Select the Access Control tab and allow sling-xss user jcr:read access to this folder.  If the folder already existed then this access is likely already granted.

4. Right-click /apps/cq/xssprotection and select Paste. That creates an overlay / copy of the file [1].

5. This new copy of the file under /apps overrides the one from the /libs folder.  You can now make edits to it and add this file to your application deployment package.

See this documentation for how to manage overlays in AEM: Overlays

Hi Kishore,

There is no ability to edit the xml file via dialogs.  However, there shouldn't be need to edit the configuration so often.  Antisamy xml format supports regular expressions.  That makes it so you can define complex rules.

More details can be found here:

https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project