AEM 6 SP2 - Handling Custom Protocol in Link Href in Rich Text Editor


Adding protocols like tel: (or any custom) in anchor tag href attribute, may not be printed as entered in RTE as link checker and XSS protection com.adobe.granite.xss.impl.HtmlToHtmlContentContext AntiSamy removes unrecognized protocols during component rendering. Here is the warning seen in error log

06.05.2015 10:07:45.213 *INFO* [0:0:0:0:0:0:0:1 [1430924865002] GET /content/geometrixx/en.html HTTP/1.1] com.adobe.granite.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The href attribute had a value of "tel:18475555555". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

To get around this problem some configuration changes (Package Install) are required in CQ

Thank you Amrit Verma for the tip..


1) Overlay /libs/cq/xssprotection/config.xml in /apps - /apps/cq/xssprotection/config.xml

2) Add the protocol, say telURL

<regexp name="telURL" value="tel:[0-9]+"/>

3)  Add telURL configuration to the accepted list of anchor href

  <attribute name="href">
    <regexp name="onsiteURL"/>
    <regexp name="offsiteURL"/>
    <regexp name="telURL"/>

4) Add tel: to the Link Checker Special Link Prefixes http://localhost:4502/system/console/configMgr/

5) With these configuration changes any tel: links in RTE should render fine...


  1. Thanks a lot Sreekanth, it worked well for me

  2. This comment has been removed by the author.