Why do we use RTEFilterServletFactory in core components?

Question

I see https://github.com/adobe/aem-core-wcm-components/blob/master/config/src/content/jcr_root/apps/core/wcm/config/com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-core-components.config in used in core components but not sure why this is used. Can someone please confirm?

akhoury · Accepted Answer

Hi,This configuration makes sure RTE editor content gets filtered to avoid XSS attacks. This feature is pending official addition to the Adobe docs:com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServlet is the new generic servlet introduced that returns the content filtered (through the XSS API).This servlet is not bound to a particular component resource type, and can actually be configured to be bound to any new Text component by adding a new configuration amendmentHere's an example of such configuration amendment:com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-foundationresource.types=["wcm/foundation/components/text","wcm/foundation/components/textimage"] For the Core Text components: https://github.com/Adobe-Marketing-Cloud/aem-core-wcm-components/blob/master/config/src/content/jcr_root/apps/core/wcm/config/com.adobe.cq.ui.wcm.commons.internal.servlets.rte.RTEFilterServletFactory.amended-core-components.config

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded