Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to disable HTML cleanup/validation within the contents of a Teaser?

Anthony_McLin
Level 2
Level 2

When loading the contents of a Teaser, it appears some kind of HTML validation or cleanup is being run. As a result, the final HTML that is rendered to a page does not match what was in the original JSP. That validator doesn't allow block level elements within an anchor tag (which is valid HTML5)

Steps to reproduce:

1 Create a component with the following structure:

<div class="wrapper"> <a href="http://example.com" class="inner">         <h3>content goes here</h3>         <h4>more content goes here</h4>         <img src="example.jpg"/> </a> </div>

2 Place that component on a page via a Teaser

3 Load the page so that the Teaser displays.

 

Expected Result:

<div class="wrapper"> <a href="http://example.com" class="inner"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </a> </div>

Actual Result:

 
<div class="wrapper"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </div>

---- Edit ----

Actually, on further inspection, it appears my <a> are being stripped out no matter how I structure the HTML. Everything works fine if I load the component as a normal element in a paragraph system or page template. It's only an issue when the HTML arrives via AJAX inside a Teaser

1 Accepted Solution
smacdonald2008
Correct answer by
Level 10
Level 10

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

View solution in original post

5 Replies
smacdonald2008
Level 10
Level 10

This issue is being looked into. We will update this thread with the results. 

Anthony_McLin
Level 2
Level 2

So it appears that within a component currentPage.getAbsoluteParent() will return the path to a parent Teaser Page via its campaign, instead of the site content page the Teaser displayed on.

smacdonald2008
Correct answer by
Level 10
Level 10

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

View solution in original post

Anthony_McLin
Level 2
Level 2

I believe there is something overly aggressive in the URL filtering.

Here's an example of a typical URL that is being populated in my JSP and being stripped:

/content/store/en/product.10005.Dress.html

Anthony_McLin
Level 2
Level 2

I added the anchor attribute to force AEM to skip validation on the URLs:

x-cq-linkchecker="skip"

Looks like my URLs are being changed when the component appears inside a teaser:

  • From page - content/campaigns/campaign_name/product.10002.Dress.html
  • From teaser - content/mysite/en/product.10002.Dress.html