Issue with loading an iframe in Sightly (AEM 6.2)

Forum|Forum|8 years ago
August 3, 2017
10 replies
6432 views

We have created a component for iframe in touch UI and created a model class, We are trying to load a URL with some parameters

below is the code snippet for reference

<sly data-sly-use.model="com.test.IframeModel">

${model.url @ context='uri'}

<iframe src="${model.url @ context='uri'}"></iframe>

</sly>

generated dome

Source image file 7090 not available

if we try to display the URL outside iframe src URL is printed on the page, and when hard code the URL sent from backend in the iframe it is loading properly

<iframe src="https://www.mysite.com/?abc=134&fgr=qwe"></iframe>

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by ritikas56571222

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now

susheel

Level 5

Hi ritika,

Are you able to see the iframe along with url in view source ?

The image you attached in the question is broken. Can you update that.

R

ritikas56571222Author

Level 2

Hi Sunil

Yes I can see Iframe, but there is no src property in that, Please find attached dom

susheel

Level 5

I tried similar code, I am not able to reproduce the issue.

src tag is visible.

R

ritikas56571222Author

Level 2

Can you please share the code snippet of your model class and iframe for reference.

susheel

Level 5

<sly data-sly-test.model="${'https://www.google.co.in'}"/>
<iframe src="${model @ context='uri'}"></iframe>

VeenaVikraman

Community Advisor

ritikas56571222

What I believe here is , it could be that since you have some query parameters in your URL, it is considering as an invalid link due to XSS protection. You may have to switch off the XSS protection in this case (which is not normally recommended)

R

ritikas56571222AuthorAccepted solution

Level 2

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now