Expand my Community achievements bar.

SOLVED

Issue with loading an iframe in Sightly (AEM 6.2)

Avatar

Level 2

We have created a component for iframe in touch UI and created a model class, We are trying to load a URL with some parameters

below is the code snippet for reference

     <sly data-sly-use.model="com.test.IframeModel">

           ${model.url @ context='uri'}

          <iframe src="${model.url @ context='uri'}"></iframe>

  </sly>

   

generated dome

if we try to display the URL outside iframe src URL is printed on the page, and when hard code the URL sent from backend in the iframe it is loading properly

          <iframe src="https://www.mysite.com/?abc=134&fgr=qwe"></iframe>

1 Accepted Solution

Avatar

Correct answer by
Level 2

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now

View solution in original post

10 Replies

Avatar

Level 5

Hi ritika,

Are you able to see the iframe along with url in view source ?

The image you attached in the question is broken. Can you update that.

Avatar

Level 2

Hi Sunil

Yes I can see Iframe, but there is no src property in that, Please find attached domdom.JPG

Avatar

Level 5

I tried similar code, I am not able to reproduce the issue.

src tag is visible.

Avatar

Level 2

Can you please share the code snippet of your model class and iframe for reference.

Avatar

Level 5

<sly data-sly-test.model="${'https://www.google.co.in'}"/>

<iframe src="${model @ context='uri'}"></iframe>

Avatar

Community Advisor

ritikas56571222

     What I believe here is , it could be that since you have some query parameters in your URL, it is considering as an invalid link due to XSS protection. You may have to switch off the XSS protection in this case (which is not normally recommended)

Avatar

Correct answer by
Level 2

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now

Avatar

Community Advisor

ok. So that means still its not loading. Let me try this out for you.

Avatar

Community Advisor

I am getting this as susheel mentioned

1271606_pastedImage_0.png

I have not tried the model part. I will let you know if I am able to replicate the issue that way.

Avatar

Level 2

Hi Veena

As I mentioned earlier, we have "[0]" in the param value which was causing the issue. It was fixed after encoding the values