hello,
In a new project, we need to use an iframe to embed a web page from another site into AMS's AEM.
We plan to solve this using the ootb core embed component.
The web page we are trying to embed using an embed(iframe) is managed by the same group and is a web page created in asp/aspx and located on the iis web server.
We have a proxy embed component and embed.html under the proxy embed component.
And we modified it <sly data-sly-test="${embed.html}">${embed.html @CONTEXT = 'unsafe'}</sly>.
We are going to use URL and HTML.
I think we need to modify /libs/cq/xssprotection/config.xml, but my questions are:
1. Is it possible to overlay with /apps/cq/xssprotection/config.xml?
2. If overlay is possible, should we include this as our source code and do source control with other code?
3. What parts should be modified/added in this file in order to embed web pages using URL and HTML ways?
thank you
Solved! Go to Solution.
Views
Replies
Total Likes
Thank you, Arun Patidar
We are going to use core components as much as possible.
For this project related to core embed component for iframe, we want to use 2 parts from embed dialog- URL and HTML.
Would you recommend how to archive this?
Regards,
Views
Replies
Total Likes
Hi @keehwan1
URL option is no going to help here.
for HTML option, you may need to change settings to allow certain tags
The HTML markup that the author can enter is filtered for security purposes to avoid cross-site scripting attacks that could for example allow authors to gain administrative rights.
In general, all script and style
elements as well as all on*
and style
attributes will be removed from the output.
However the rules are more complicated because the Embed Component follows AEM’s global HTML AntiSamy sanitation framework filtering rule set, which can be found at /libs/cq/xssprotection/config.xml
. This can be overlaid for project-specific configuration by a developer if required.
Additional security information can be found in the AEM developer documentation for on-premise installations as well as AEM as a Cloud Service installations.
/libs/cq/xssprotection/config.xml
, these changes affect all HTL and JSP behavior and not just the Embed Core Component.Views
Replies
Total Likes
Thank you so much.
Your codes cover most of our requirement.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Like
Replies