Adobe Experience Manager Sites & More

ritikas56571222 · 8/3/17

We have created a component for iframe in touch UI and created a model class, We are trying to load a URL with some parameters

below is the code snippet for reference

<sly data-sly-use.model="com.test.IframeModel">

${model.url @ context='uri'}

<iframe src="${model.url @ context='uri'}"></iframe>

</sly>

generated dome

if we try to display the URL outside iframe src URL is printed on the page, and when hard code the URL sent from backend in the iframe it is loading properly

<iframe src="https://www.mysite.com/?abc=134&fgr=qwe"></iframe>

ritikas56571222 · 8/3/17

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now

View solution in original post

susheel · 8/3/17

Hi ritika,

Are you able to see the iframe along with url in view source ?

The image you attached in the question is broken. Can you update that.

ritikas56571222 · 8/3/17

Hi Sunil

Yes I can see Iframe, but there is no src property in that, Please find attached dom

susheel · 8/3/17

I tried similar code, I am not able to reproduce the issue.

src tag is visible.

ritikas56571222 · 8/3/17

Can you please share the code snippet of your model class and iframe for reference.

susheel · 8/3/17

<sly data-sly-test.model="${'https://www.google.co.in'}"/>
<iframe src="${model @ context='uri'}"></iframe>

VeenaVikraman · 8/3/17

ritikas56571222

What I believe here is , it could be that since you have some query parameters in your URL, it is considering as an invalid link due to XSS protection. You may have to switch off the XSS protection in this case (which is not normally recommended)

ritikas56571222 · 8/3/17

Thanks for the help guys, I tried context unsafe as well, but it was not working. There was some issue with the value of the parameter which contained [], which was working fine on browser and when hard coded in iframe src, but the XSS filtering was not passing it despite Context set as unsafe,

There was some issue with the value of the parameter it contained [], which was working fine on the browser and when hard coded in iframe tag src, but some the sightly XSS filtering was not allowing it despite setting Context as unsafe. We are now encoding the values and sending it to the component it is working fine now

VeenaVikraman · 8/3/17

ok. So that means still its not loading. Let me try this out for you.

VeenaVikraman · 8/3/17

I am getting this as susheel mentioned

I have not tried the model part. I will let you know if I am able to replicate the issue that way.

ritikas56571222 · 8/3/17

Hi Veena

As I mentioned earlier, we have "[0]" in the param value which was causing the issue. It was fixed after encoding the values

Adobe Experience Manager Sites & More

Issue with loading an iframe in Sightly (AEM 6.2)

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe