AEM allow special link prefixes

2016-01-05

While working on a project at work I was having difficulties "displaying" a telephone number in the href attribute of a link:

1
<a href="tel:+133713371337">Call Me</a>

I was just doing things like I've been doing them before, calling the getter method (Java controller) in my sightly code but that did not work in this case. Apparently there are a couple of steps you have to take in order to allow this kind of behavior:

Add a configuration file

Add the following xml file to a config folder under apps (e.g. /apps/myapp/config). in your project. com.day.cq.rewriter.linkchecker.impl.LinkCheckerImpl.xml:

1
2
3
4
5
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0"
          xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
          jcr:primaryType="sling:OsgiConfig"
          service.special_link_prefix="[javascript:,data:,mailto:,#,${,tel:]"/>

As you can see in the content of the file there is a service.special_link_prefix property, in the property you can specify which link prefixes you will allow on your site. In my case it was all about the 'tel:]'.

By now you should be able to see your new allowed list of prefixes under http://localhost:4502/system/console/configMgr > Day CQ Link Checker Service (in my case I a running an aem instance locally):

Make it 'unsafe'

We need to disables escaping of are telephone number by doing the following:

1
href="${linkCtrl.link @ context='unsafe'}

By now you should have a correctly displaying link prefix!

NOTE: context='unsafe' does the following accordingly to the AEM documentation page:
Disables escaping and XSS protection completely. They also note: Use only if none of the other context settings do the job. I didn't really looked into the other settings but if you found one that also works please let me know in the comment section below.

Created by Jeroen Druwé