Expand my Community achievements bar.

SOLVED

Embed Component not allowing for Iframe to load

Avatar

Level 1

Hello!

 

We are in the midst of a implementation and are looking to test an Iframe embed using the Core Embed component. 

 

When in AEM author we are able to add the HTML to the Author interface and it looks like this:

<iframe class="jebbit-iframe" src="https://jebbit.com/nve0msu0?L=Owned+Web&deferred=true" seamless="true" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen style="width:100%;min-height:600px;" onload="function embedJebbit(t){function e(t){var e='attach'===t?window.addEventListener:window.removeEventListener;e('DOMContentLoaded',i,!1),e('load',i,!1),e('scroll',i,!1),e('resize',i,!1)}var n=document.querySelector(t);function i(){(function(t){var e=t.getBoundingClientRect(),n=t.clientHeight/2,i=t.clientWidth/2;return e.top>=0&&e.left>=0&&e.top<=(window.innerHeight||document.documentElement.clientHeight)-n&&e.left<=(window.innerWidth||document.documentElement.clientWidth)-i})(n)&&n.contentWindow.postMessage('startJebbitCampaign','*')}window.addEventListener('message',function(t){t&&('jebbitSessionCreated'===t.data?e('remove'):'jebbitCampaignLoaded'===t.data?i():t.data&&'redirect'===t.data.action&&t.data.options&&t.data.options.link&&(window.location.href=t.data.options.link))},!1),e('attach')}embedJebbit('.jebbit-iframe');"></iframe>

When we input this through the RTE of the text component, it will show the experience before the component update is saved on the author page. 

 

When we test on a preview or the publisher, the Iframe is not displaying. We troubleshot the issue with the dev tools inspect, which is not showing any class. 

 

Has anyone had a similar experience with the embedded component or even better any direct experience embedding Jebbit on an AEM page. 

 

1 Accepted Solution

Avatar

Correct answer by
Level 3

@karlschaenzer This is likely due to the OOTB XSS configuration which restricts the URLs allowed in an <iframe> element. What you would need to do is overlay the existing configuration as documented at the below link.

Within the configuration update the iframesrc property regex to include your URL. It is not recommended to apply the anything rule for iframes as this introduces a security risk.

https://experienceleague.adobe.com/docs/experience-manager-64/developing/introduction/security.html?...

View solution in original post

1 Reply

Avatar

Correct answer by
Level 3

@karlschaenzer This is likely due to the OOTB XSS configuration which restricts the URLs allowed in an <iframe> element. What you would need to do is overlay the existing configuration as documented at the below link.

Within the configuration update the iframesrc property regex to include your URL. It is not recommended to apply the anything rule for iframes as this introduces a security risk.

https://experienceleague.adobe.com/docs/experience-manager-64/developing/introduction/security.html?...