adobe/aem-core-email-components

Content Fragment Editor - Links with Personalization token gets removed due to Antisamy protection rules

priyankpardiwala opened this issue · 4 comments

priyankpardiwala commented

Steps to reproduce

  1. Create a new Content Fragment
  2. Use Link Plugin to author a hyperlink containing personalization token. For example: <%= targetData.viewInBrowserLink %>
  3. Save CF.
  4. The Content Fragment gets saved as expected. We can also see the crx/de that the markup for CF shows the tag with personalization token in href.
  5. Re-edit the fragment.
  6. Notice that the link is completely removed by CF Editor.

We checked the logs and we see messages indicating that the links were removed due to XSS/Antisamy protection.

bpauli commented

@adobe export issue to Jira project SITES as Bug

github-jira-sync-bot commented

Jira issue SITES-9640 is successfully created for this GitHub issue.

bpauli commented

Hi @priyankpardiwala, I have forwarded this issue to the CF Admin team. Looks like the disableXSSFiltering option needs to be set.

cc @martinischeery

priyankpardiwala commented

Hi @bpauli - is this something that we can do on our end via some form of customization OR would this need to be part of a Service Pack or a hotfix?