Expand my Community achievements bar.

SOLVED

How to disable HTML cleanup/validation within the contents of a Teaser?

Avatar

Level 2
Level 2
10/15/15 7:27:12 PM

When loading the contents of a Teaser, it appears some kind of HTML validation or cleanup is being run. As a result, the final HTML that is rendered to a page does not match what was in the original JSP. That validator doesn't allow block level elements within an anchor tag (which is valid HTML5)

Steps to reproduce:

1 Create a component with the following structure:

<div class="wrapper"> <a href="http://example.com" class="inner">         <h3>content goes here</h3>         <h4>more content goes here</h4>         <img src="example.jpg"/> </a> </div>

2 Place that component on a page via a Teaser

3 Load the page so that the Teaser displays.

 

Expected Result:

<div class="wrapper"> <a href="http://example.com" class="inner"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </a> </div>

Actual Result:

 
<div class="wrapper"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </div>

---- Edit ----

Actually, on further inspection, it appears my <a> are being stripped out no matter how I structure the HTML. Everything works fine if I load the component as a normal element in a paragraph system or page template. It's only an issue when the HTML arrives via AJAX inside a Teaser

Views

703

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:27:12 PM

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

View solution in original post

Views

547

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 10
Level 10
10/15/15 7:27:12 PM

This issue is being looked into. We will update this thread with the results. 

Views

547

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
10/15/15 7:27:12 PM

So it appears that within a component currentPage.getAbsoluteParent() will return the path to a parent Teaser Page via its campaign, instead of the site content page the Teaser displayed on.

Views

573

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:27:12 PM

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

Views

548

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
10/15/15 7:27:12 PM

I believe there is something overly aggressive in the URL filtering.

Here's an example of a typical URL that is being populated in my JSP and being stripped:

/content/store/en/product.10005.Dress.html

Views

572

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
10/15/15 7:27:12 PM

I added the anchor attribute to force AEM to skip validation on the URLs:

x-cq-linkchecker="skip"

Looks like my URLs are being changed when the component appears inside a teaser:

  • From page - content/campaigns/campaign_name/product.10002.Dress.html
  • From teaser - content/mysite/en/product.10002.Dress.html

Views

575

Replies

0
Sign in to like this content

Total Likes

Translate
Translate