AEM 6 SP2 - Handling Custom Protocol in Link Href in Rich Text Editor

Goal


Adding protocols like tel: (or any custom) in anchor tag href attribute, may not be printed as entered in RTE as link checker com.day.cq.rewriter.linkchecker.impl.LinkCheckerImpl and XSS protection com.adobe.granite.xss.impl.HtmlToHtmlContentContext AntiSamy removes unrecognized protocols during component rendering. Here is the warning seen in error log

06.05.2015 10:07:45.213 *INFO* [0:0:0:0:0:0:0:1 [1430924865002] GET /content/geometrixx/en.html HTTP/1.1] com.adobe.granite.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The href attribute had a value of "tel:18475555555". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

To get around this problem some configuration changes (Package Install) are required in CQ

Thank you Amrit Verma for the tip..

Solution


1) Overlay /libs/cq/xssprotection/config.xml in /apps - /apps/cq/xssprotection/config.xml

2) Add the protocol, say telURL

<regexp name="telURL" value="tel:[0-9]+"/>




3)  Add telURL configuration to the accepted list of anchor href

  <attribute name="href">
   <regexp-list>
    <regexp name="onsiteURL"/>
    <regexp name="offsiteURL"/>
    <regexp name="telURL"/>
   </regexp-list>
  </attribute>




4) Add tel: to the Link Checker Special Link Prefixes http://localhost:4502/system/console/configMgr/com.day.cq.rewriter.linkchecker.impl.LinkCheckerImpl




5) With these configuration changes any tel: links in RTE should render fine...





5 comments:

  1. Thanks a lot Sreekanth, it worked well for me

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. For HTL configuration file path is "/libs/sling/xss/config.xml" & Instance should be restarted after overlaying those file.

    ReplyDelete
  4. It works perfect at my end without restart instance. Thank a ton Sreekanth.
    P/S: Reproduce with AEM 6.2.0 version

    ReplyDelete
  5. javascript:Director.directRequest('*'); Some thing like this is not working for me. Is there some thing i need to add?

    ReplyDelete