Reputation: 460
Sanitizing inputs with AEM
We have various people updating our AEM website however when they copy and paste from word or from online it retains the HTML. I'm wondering if AEM has any built-in way of sanitizing the input so I don't need to build one.
Upvotes: 2
Views: 1011
Answers (3)
Reputation: 191
The usual approach in AEM is to protect the user on output (i.e. take the input as-is and use the built-in XSS API when rendering that input).
Upvotes: 0
Reputation: 1323
We had a rich text edit component with same issue wherein authors were able to place HTML styling onto RTE and the placed styles were colliding with application styles and was breaking components. Fix was, we stripped out all HTML styling using jsoup API before rendering back on screen.
Upvotes: 0
Reputation: 866
If you are using Rich Text Editor field in the dialog then the text will be parsed and some tags will be stripped. Take a look here for more information about how to configure it and how it works.
Upvotes: 3
Related Questions
- Sanitizing user input before adding it to the DOM in Javascript
- AEM and customized emails
- Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?
- How do I export my built AEM site with all the content and assets for someone else?
- How can I restrict a user's access to just a single node of an AEM website?
- Use an AEM component from another site
- Importing tags into AEM from a CSV file