Customize the rich text editor toolbar
In Sitecore AI, the rich text editor (RTE) toolbar, powered by CKEditor, comes with a fixed set of features by default. You can configure the toolbar for editors by defining profiles and assigning them to SitecoreAI sites. These profiles determine which editor tools are available to content authors and how they are organized: for each profile, you can remove or reorder the items in the toolbar, but you can't introduce new features or change the schema shape of the toolbar items or groups.
Understanding the Editor profile API
You can create a new profile, with its own RTE toolbar configuration, using the Editor profile API. When creating a new toolbar profile, the toolbar item names and structure must adhere to the supported configuration.
Editor profiles are stored as objects with two required fields:
- name - specifies the profile name for the Editor toolbar.
- value - contains the configuration for the toolbar items and grouping (as a -stringified Editor config object).
When stored in a profile, this configuration must be stringified inside the value property, for example:
When you customize the value array:
- You can remove any items from the items array.
- You can reorder items (including groups and pipe character | separators).
To ensure compatibility with SitecoreAI:
- Do not add new toolbar item names. Only the item IDs listed in the Available toolbar items tables are valid. Any additional or custom names will be rejected.
- Do not change the schema structure of toolbar items or grouped objects. You may not introduce new properties or alter the expected object shape.
- Do not rename existing toolbar items. Names must match exactly (case-sensitive) the items listed in the Available toolbar items tables.
- Do not introduce custom plugin identifiers unless provided by Sitecore.
In SitecoreAI, rich text editor toolbar profiles are applied at the site level, not per field. Unlike in XM/XP, assigning an editor profile in the Source field of a rich text field definition is not supported and has no effect. All rich text fields within a site use the toolbar profile assigned to that site.
Available toolbar items
The toolbar items listed in the tables below can be added to the RTE.
The table only includes toolbar items that can be explicitly configured through a CKEditor profile. Some commands that are visible to content authors when editing rich text (for example, Find and replace) are provided by the editor but aren’t configurable through toolbar profiles.
Text formatting
| Item ID | Description |
|---|---|
| bold | Bold text |
| italic | Italic text |
| emphasis | Custom emphasis style |
| underline | Underline text |
| strikethrough | Strikethrough text |
| subscript | Subscript formatting |
| superscript | Superscript formatting |
| removeFormat | Clear all formating |
| style | Displays a styles drop-down in the toolbar |
Color controls
| Item ID | Description |
|---|---|
| fontColor | Text color picker |
| fontBackgroundColor | Highlight color |
Structure
| Item ID | Description |
|---|---|
| heading | Heading dropdown (H1–H6, paragraph) |
| alignment | Align left, center, right, justify |
| blockQuote | Block quotation |
Lists & Indentation
| Item ID | Description |
|---|---|
| bulletedList | Unordered list |
| numberedList | Ordered list |
| indent | Increase indent |
| outdent | Decrease indent |
Links
| Item ID | Description |
|---|---|
| link | External hyperlink |
| internalLink | Internal Sitecore item link |
| phoneLink | Phone number link |
Media & Tables
| Item ID | Description |
|---|---|
| sitecoreSelectMedia | Insert media library item |
| insertTable | Insert table |
| horizontalLine | Insert horizontal rule |
Advanced features
| Item ID | Description |
|---|---|
| sourceEditing | Raw HTML source editor |
| sitecoreResetFieldValue | Clear value |
Grouped items
Grouped drop-down menus take the following form:
In the above code sample:
- group is the unique identifier.
- label is the drop-down display name.
- icon is the icon identifier.
- items is the list of included toolbar items IDs.
The following table lists the predefined groups of the toolbar:
| Group ID | Label | Icon | Items |
|---|---|---|---|
| formatting | Formatting | text | strikethrough, subscript, superscript, removeFormat |
| insert | Insert | plus | horizonSelectMedia, insertTable, horizontalLine |
Example profiles
Here are examples of configuration for SitecoreAI RTE toolbar profiles.
Minimal profile
Marketer profile
Full toolbar profile with custom styles
Filter HTML in rich text fields
When you save content in a Rich Text field, SitecoreAI processes and filters the HTML. This helps protect sites from security risks and
unintended markup. As a result, some HTML elements, such as <script>, might be removed or modified when the content is saved.
We recommend that you do not embed JavaScript into Rich Text fields. Instead, consider adding scripts through site or theme assets, using dedicated components or renderings designed for scripts or embeddings, or implementing controlled custom components with restricted author permissions.
By default, the Rich Text Editor filters executable and potentially unsafe HTML before saving field values, such as:
<script>tags- Inline JavaScript (for example,
onClick,onLoad) - JavaScript URLs (for example,
javascript:)
This reduces the risk of cross-site scripting (XSS) and other script-related issues. You can control how HTML is filtered using the following configuration:
When the configuration setting is set to:
true- script tags and inline scripts are removed before saving. This is the default setting.false- script tags are preserved in Rich Text field values.
Allowing scripts in Rich Text fields can introduce security risks. Only disable this setting if you fully understand the implications and restrict author access accordingly.
To apply the configuration setting:
- Use a patch file in the
App_Config/Includefolder. - Ensure the configuration file is included in your deployment and applied to the correct role.
- After deployment, verify the effective value using
showconfig.aspx.
When rich text content is consumed through GraphQL or rendered outside SXA, the HTML might be further filtered or escaped by the frontend application. Elements such as <iframe> might be blocked by frontend sanitization, rendering logic, or browser security policies (for example, Content Security Policy or X-Frame-Options).