we have a scenario, in which we have a multifield, which contains richtext. Now this richtext gets saved in crx, and we need to apply it on a title attribute of a span. So the input looks something like this:
Which then gets passed through a model which should output this:
Now the xss protection filters it out. We already overlayed cq/xssprotection/config.xml and included the attribute:
<tag name="span" action="validate">
<attribute name="title"> <regexp-list> <regexp value=".*"/> </regexp-list> </attribute></tag>
But that sadly doesn't work, it still gets filtered out by AEM. I even tried to put this config inside /libs/sling/xss and /libs/cq/xssprotection, without success.
Is AEM by default filtering out escaped HTML tags? How can I make this work?
Try specifying each character's HTML entity equivalent rather than .*
Check if this helps - Re: RTE Plugin modifying HTML || Removing JS functions like onClick=""
Re: links to ppt not working on OOB text component