We have created a component for iframe in touch UI and created a model class, We are trying to load a URL with some parameters
below is the code snippet for reference
<sly data-sly-use.model="com.test.IframeModel">
${model.url @ context='uri'}
<iframe src="${model.url @ context='uri'}"></iframe>
</sly>
generated dome
if we try to display the URL outside iframe src URL is printed on the page, and when hard code the URL sent from backend in the iframe it is loading properly
<iframe src="https://www.mysite.com/?abc=134&fgr=qwe"></iframe>
Solved! Go to Solution.
Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,
There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now
Hi ritika,
Are you able to see the iframe along with url in view source ?
The image you attached in the question is broken. Can you update that.
Views
Replies
Total Likes
Hi Sunil
Yes I can see Iframe, but there is no src property in that, Please find attached dom
Views
Replies
Total Likes
I tried similar code, I am not able to reproduce the issue.
src tag is visible.
Views
Replies
Total Likes
Can you please share the code snippet of your model class and iframe for reference.
Views
Replies
Total Likes
<sly data-sly-test.model="${'https://www.google.co.in'}"/>
<iframe src="${model @ context='uri'}"></iframe>
Views
Replies
Total Likes
What I believe here is , it could be that since you have some query parameters in your URL, it is considering as an invalid link due to XSS protection. You may have to switch off the XSS protection in this case (which is not normally recommended)
Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,
There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now
ok. So that means still its not loading. Let me try this out for you.
Views
Replies
Total Likes
I am getting this as susheel mentioned
I have not tried the model part. I will let you know if I am able to replicate the issue that way.
Views
Replies
Total Likes
Hi Veena
As I mentioned earlier, we have "[0]" in the param value which was causing the issue. It was fixed after encoding the values
Views
Replies
Total Likes
Views
Likes
Replies