How to disable HTML cleanup/validation within the contents of a Teaser? | Community
Skip to main content
A
Anthony_McLin
New Participant
October 16, 2015
Solved

How to disable HTML cleanup/validation within the contents of a Teaser?

  • October 16, 2015
  • 5 replies
  • 1327 views

When loading the contents of a Teaser, it appears some kind of HTML validation or cleanup is being run. As a result, the final HTML that is rendered to a page does not match what was in the original JSP. That validator doesn't allow block level elements within an anchor tag (which is valid HTML5)

Steps to reproduce:

1 Create a component with the following structure:

<div class="wrapper"> <a href="http://example.com" class="inner">         <h3>content goes here</h3>         <h4>more content goes here</h4>         <img src="example.jpg"/> </a> </div>

2 Place that component on a page via a Teaser

3 Load the page so that the Teaser displays.

 

Expected Result:

<div class="wrapper"> <a href="http://example.com" class="inner"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </a> </div>

Actual Result:

 
<div class="wrapper"> <h3>content goes here</h3> <h4>more content goes here</h4> <img src="example.jpg"/> </div>

---- Edit ----

Actually, on further inspection, it appears my <a> are being stripped out no matter how I structure the HTML. Everything works fine if I load the component as a normal element in a paragraph system or page template. It's only an issue when the HTML arrives via AJAX inside a Teaser

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by smacdonald2008

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

5 replies

smacdonald2008
smacdonald2008
New Participant
October 16, 2015

This issue is being looked into. We will update this thread with the results. 

A
Anthony_McLinAuthor
New Participant
October 16, 2015

So it appears that within a component currentPage.getAbsoluteParent() will return the path to a parent Teaser Page via its campaign, instead of the site content page the Teaser displayed on.

smacdonald2008
smacdonald2008Accepted solution
New Participant
October 16, 2015

The XSS API strips away the <a> element if the href attribute has some illegal characters ( for example ‘|’). If the HTML arrives via AJAX then it is automatically parsed by the XSS API, so this is why the problem only occurs in this case.

A
Anthony_McLinAuthor
New Participant
October 16, 2015

I believe there is something overly aggressive in the URL filtering.

Here's an example of a typical URL that is being populated in my JSP and being stripped:

/content/store/en/product.10005.Dress.html

A
Anthony_McLinAuthor
New Participant
October 16, 2015

I added the anchor attribute to force AEM to skip validation on the URLs:

x-cq-linkchecker="skip"

Looks like my URLs are being changed when the component appears inside a teaser:

  • From page - content/campaigns/campaign_name/product.10002.Dress.html
  • From teaser - content/mysite/en/product.10002.Dress.html
Terms & ConditionsAccessibility statement

Loading footer...