Customize the rich text editor toolbar

In Sitecore AI, the rich text editor (RTE) toolbar, powered by CKEditor, comes with a fixed set of features by default. You can configure the toolbar for editors by defining profiles and assigning them to SitecoreAI sites. These profiles determine which editor tools are available to content authors and how they are organized: for each profile, you can remove or reorder the items in the toolbar, but you can't introduce new features or change the schema shape of the toolbar items or groups.

Understanding the Editor profile API

You can create a new profile, with its own RTE toolbar configuration, using the Editor profile API. When creating a new toolbar profile, the toolbar item names and structure must adhere to the supported configuration.

Editor profiles are stored as objects with two required fields:

  • name - specifies the profile name for the Editor toolbar.
  • value - contains the configuration for the toolbar items and grouping (as a -stringified Editor config object).

When stored in a profile, this configuration must be stringified inside the value property, for example:

{
  "name": "Basic Editing",
  "value": "{"toolbar":{"items":["bold","italic","underline","link","bulletedList","numberedList"]}}"
}

When you customize the value array:

  • You can remove any items from the items array.
  • You can reorder items (including groups and pipe character | separators).

To ensure compatibility with SitecoreAI:

  • Do not add new toolbar item names. Only the item IDs listed in the Available toolbar items tables are valid. Any additional or custom names will be rejected.
  • Do not change the schema structure of toolbar items or grouped objects. You may not introduce new properties or alter the expected object shape.
  • Do not rename existing toolbar items. Names must match exactly (case-sensitive) the items listed in the Available toolbar items tables.
  • Do not introduce custom plugin identifiers unless provided by Sitecore.
Note

In SitecoreAI, rich text editor toolbar profiles are applied at the site level, not per field. Unlike in XM/XP, assigning an editor profile in the Source field of a rich text field definition is not supported and has no effect. All rich text fields within a site use the toolbar profile assigned to that site.

Available toolbar items

The toolbar items listed in the tables below can be added to the RTE.

The table only includes toolbar items that can be explicitly configured through a CKEditor profile. Some commands that are visible to content authors when editing rich text (for example, Find and replace) are provided by the editor but aren’t configurable through toolbar profiles.

Text formatting

Item IDDescription
boldBold text
italicItalic text
emphasisCustom emphasis style
underlineUnderline text
strikethroughStrikethrough text
subscriptSubscript formatting
superscriptSuperscript formatting
removeFormatClear all formating
styleDisplays a styles drop-down in the toolbar

Color controls

Item IDDescription
fontColorText color picker
fontBackgroundColorHighlight color

Structure

Item IDDescription
headingHeading dropdown (H1–H6, paragraph)
alignmentAlign left, center, right, justify
blockQuoteBlock quotation

Lists & Indentation

Item IDDescription
bulletedListUnordered list
numberedListOrdered list
indentIncrease indent
outdentDecrease indent
Item IDDescription
linkExternal hyperlink
internalLinkInternal Sitecore item link
phoneLinkPhone number link

Media & Tables

Item IDDescription
sitecoreSelectMediaInsert media library item
insertTableInsert table
horizontalLineInsert horizontal rule

Advanced features

Item IDDescription
sourceEditingRaw HTML source editor
sitecoreResetFieldValueClear value

Grouped items

Grouped drop-down menus take the following form:

{
"group": "formatting",
"label": "Formatting",
"icon": "text",
"items": ["strikethrough", "subscript", "superscript", "removeFormat"]
}

In the above code sample:

  • group is the unique identifier.
  • label is the drop-down display name.
  • icon is the icon identifier.
  • items is the list of included toolbar items IDs.

The following table lists the predefined groups of the toolbar:

Group IDLabelIconItems
formattingFormattingtextstrikethrough, subscript, superscript, removeFormat
insertInsertplushorizonSelectMedia, insertTable, horizontalLine

Example profiles

Here are examples of configuration for SitecoreAI RTE toolbar profiles.

Minimal profile

{
  "name": "Minimal",
  "value": "{"toolbar":{"items":["bold","italic","link"] }}"
}

Marketer profile

{
  "name": "Marketing",
  "value": {
    "toolbar": {
      "items": [
        "bold", "italic", "underline",  "|", "heading",  "|", "bulletedList", "numberedList",  "|", "link", "internalLink",  "|", "horizonSelectMedia"
      ]
    }
  }
}

Full toolbar profile with custom styles

{
  "name": "Full with Custom Styles",
  "value": {
    "toolbar": {
      "items": [ "bold", "italic", "emphasis", "underline", "style", "blockQuote",
        {
          "group": "formatting",
          "label": "Formatting",
          "icon": "text",
          "items": ["strikethrough", "subscript", "superscript", "|","removeFormat"]
        },
        "fontColor", "fontBackgroundColor", "|", "heading", "|", "alignment", "bulletedList", "numberedList", "|", "outdent", "indent", "|", "link", "internalLink", "phoneLink", "|",        
        {
          "group": "insert",
          "label": "Insert",
          "withText": false,
          "icon": "plus",
          "items": ["sitecoreSelectMedia", "insertTable", "horizontalLine"]
        },
        "|", "sourceEditing", "|", "sitecoreResetFieldValue"]
    },
    "style": {
      "definitions": [
        {
          "name": "Article category",
          "element": "h3",
          "classes": ["category"]
        },
        {
          "name": "Info box",
          "element": "p",
          "classes": ["info-box"]
        }
      ]
    }
  }
}

Filter HTML in rich text fields

When you save content in a Rich Text field, SitecoreAI processes and filters the HTML. This helps protect sites from security risks and unintended markup. As a result, some HTML elements, such as <script>, might be removed or modified when the content is saved.

IMPORTANT

We recommend that you do not embed JavaScript into Rich Text fields. Instead, consider adding scripts through site or theme assets, using dedicated components or renderings designed for scripts or embeddings, or implementing controlled custom components with restricted author permissions.

By default, the Rich Text Editor filters executable and potentially unsafe HTML before saving field values, such as:

  • <script> tags
  • Inline JavaScript (for example, onClick, onLoad)
  • JavaScript URLs (for example, javascript:)

This reduces the risk of cross-site scripting (XSS) and other script-related issues. You can control how HTML is filtered using the following configuration:

<setting name="HtmlEditor.RemoveScripts" value="true" />

When the configuration setting is set to:

  • true - script tags and inline scripts are removed before saving. This is the default setting.
  • false - script tags are preserved in Rich Text field values.
IMPORTANT

Allowing scripts in Rich Text fields can introduce security risks. Only disable this setting if you fully understand the implications and restrict author access accordingly.

To apply the configuration setting:

  1. Use a patch file in the App_Config/Include folder.
  2. Ensure the configuration file is included in your deployment and applied to the correct role.
  3. After deployment, verify the effective value using showconfig.aspx.
NOTE

When rich text content is consumed through GraphQL or rendered outside SXA, the HTML might be further filtered or escaped by the frontend application. Elements such as <iframe> might be blocked by frontend sanitization, rendering logic, or browser security policies (for example, Content Security Policy or X-Frame-Options).

If you have suggestions for improving this article, let us know!