[Embed] Empty `textarea` causes code leak

[tjameswhite]

Bug Report

Current Behavior Using Core Embed HTML option:

• Enter <textarea name="name" rows="10" cols="40"></textarea>
• Results in HTML code being displayed on screen;
• Behaves like an unclosed element, but exposing the following HTML.
• See screen shots from both author and view as publish modes.

Expected behavior/code Expected to render an empty textarea. See normal-textarea.jpg screen shot.

Environment

• AEM version and patch level (e.g. AEM 6.3 SP1 CFP2): AEM 6.5.8
• Core Components version (e.g. 2.0.4): ver 2.16
• JRE version (e.g. Java(TM) SE Runtime Environment (build 1.8.0_152-b16)): build 1.8.0_121-b13)(build 1.8.0_121-b13

Additional context / Screenshots Issue was reported by @anireddy on the AEM-Tech development Slack channel. (https://aem-tech.slack.com/archives/C3F6CM48Y/p1621455300006600) If the <textarea> is not empty it renders correctly. But if empty the error occurs. So while the above breaks this works: <textarea name="name" rows="10" cols="40">@nbsp;</textarea>

Additionally, once the component breaks, it is not authorable.

Author:

View as Pub:

Expected:

[msagolj]

@adobe export issue to Jira Project SITES as Bug

[github-jira-sync-bot]

:white_check_mark: Jira issue SITES-898 is successfully created for this GitHub issue.

[raducotescu]

This seems to happen because of how AntiSamy is configured by default in AEM, specifically the useXHTML option which is set to true. Setting this to false makes the empty textarea render correctly.