Accepted Solutions (1)


lmha
Employee
26-07-2019

Kishore,

I am not certain if I understand your question; however, please refer to document [1], which states the OOTB XSS config file.

Your team would overlay the item /libs/cq/xssprotection/config.xml to /apps/cq/xssprotection/config.xml

Make your changes to the overlaid file.

Please detail the intended use-case and requirements for us to be able to assist further.

Regards,

Lisa

[1] Security

Answers (3)


Andrew_Khoury
Employee
26-07-2019

Hi Kishore,

There is no ability to edit the XML file via dialogs. However, there shouldn't be a need to edit the configuration so often. The AntiSamy XML format supports regular expressions. That makes it so you can define complex rules.

More details can be found here:

https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

Andrew_Khoury
Employee
26-07-2019

You need to overlay this file [1] under the /apps directory via CRXDE:

[1] /libs/cq/xssprotection/config.xml

See related doc here: Security

Instructions:

1. Go to http://{aemhost}/crx/de/index.jsp

2. Browse to /libs/cq/xssprotection/config.xml and right-click the file then select Copy

3. (Skip this step in 6.4 and later versions) Go to /apps and, if it doesn't already exist, create the same folder structure using sling:Folder type /apps/cq/xssprotection. Select the Access Control tab and allow sling-xss user jcr:read access to this folder. If the folder already existed then this access is likely already granted.

4. Right-click /apps/cq/xssprotection and select Paste. That creates an overlay / copy of the file [1].

5. This new copy of the file under /apps overrides the one from the /libs folder.  You can now make edits to it and add this file to your application deployment package.

See this documentation for how to manage overlays in AEM: Overlays
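A check that fits the overlay steps above, added here as an example and not part of the original posts or of Adobe's code: because the copy under /apps overrides the one under /libs, it compares two AntiSamy-format policies and lists every named regexp and tag action the overlay changed. Both XML snippets are constructed samples, and `load_rules` and `diff_overlay` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for /libs/cq/xssprotection/config.xml
LIBS_XML = """<anti-samy-rules>
  <common-regexps>
    <regexp name="onsiteURL" value="[a-zA-Z0-9/._-]+"/>
    <regexp name="htmlTitle" value="[a-zA-Z0-9 .,_-]*"/>
  </common-regexps>
  <tag-rules>
    <tag name="script" action="remove"/>
    <tag name="a" action="validate"/>
  </tag-rules>
</anti-samy-rules>"""

# Constructed sample standing in for the edited copy under /apps
APPS_XML = """<anti-samy-rules>
  <common-regexps>
    <regexp name="onsiteURL" value=".*"/>
    <regexp name="htmlTitle" value="[a-zA-Z0-9 .,_-]*"/>
  </common-regexps>
  <tag-rules>
    <tag name="script" action="validate"/>
    <tag name="a" action="validate"/>
    <tag name="iframe" action="validate"/>
  </tag-rules>
</anti-samy-rules>"""

def load_rules(xml_text):
    """Map ("regexp", name) -> pattern and ("tag", name) -> action."""
    root = ET.fromstring(xml_text)
    rules = {}
    for rx in root.findall("./common-regexps/regexp"):
        rules[("regexp", rx.get("name"))] = rx.get("value")
    for tag in root.findall("./tag-rules/tag"):
        rules[("tag", tag.get("name"))] = tag.get("action")
    return rules

def diff_overlay(libs_xml, apps_xml):
    """Return (kind, name, libs_value, apps_value) rows; None means absent."""
    base, over = load_rules(libs_xml), load_rules(apps_xml)
    return [(kind, name, base.get((kind, name)), over.get((kind, name)))
            for kind, name in sorted(set(base) | set(over))
            if base.get((kind, name)) != over.get((kind, name))]

if __name__ == "__main__":
    for kind, name, old, new in diff_overlay(LIBS_XML, APPS_XML):
        print(f"{kind:6} {name:10} libs={old!r} apps={new!r}")
```

Run against exported copies of both files, the rows worth reviewing first are patterns widened to match anything and tags whose action moved away from `remove`.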

kishorek1264980 26-07-2019

Hi lisah,

Our team had done the overlay in the apps folder. However, is it possible to make it content editable (meaning making it dialogs, where saving should update the XSS config.xml)?