Allow full display and interaction with HTML Emails


felbus

Apr 14, 2017, 1:03:22 PM
to Google Caja Discuss
Hi,

tl;dr: how do I load an HTML email into a div with Caja, allowing the loading of images and clickable links?

---

I'm just starting to use Caja; the API links are down, so I am not sure whether this is the default behaviour.

I am loading an HTML email into a div like this:

caja.load(document.getElementById('messagebox'), undefined, function(frame) {
    frame.code(contentUrl, 'text/html').run();
});

When it is rendered on the page, the images and hrefs are all stripped out. So you cannot see images or click links.

I am guessing this is the default behaviour to prevent attacks.

My question is how do I allow these to be loaded so that the page is displayed as intended?

Thanks

Kevin Reid

Apr 14, 2017, 1:05:58 PM
to Google Caja Discuss
On Fri, Apr 14, 2017 at 2:48 AM, felbus <paul....@gmail.com> wrote:
> caja.load(document.getElementById('messagebox'), undefined, function(frame) {
>     frame.code(contentUrl, 'text/html').run();
> });
>
> When it is rendered on the page, the images and hrefs are all stripped out. So you cannot see images or click links.
>
> I am guessing this is the default behaviour to prevent attacks.
>
> My question is how do I allow these to be loaded so that the page is displayed as intended?

You need to specify the URI policy instead of undefined.

The simplest policy is caja.policy.net.ALL which will allow links and images for all sites.

felbus

Apr 15, 2017, 3:41:26 AM
to Google Caja Discuss
Yep, that worked, thanks.
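Added example, not part of the thread and not Caja project code: a narrower URI policy than caja.policy.net.ALL for HTML email, keeping only absolute https and mailto URIs that carry no embedded credentials. It assumes Caja accepts, in place of net.ALL, a policy object whose rewrite(uri) method returns the URI to allow or undefined to strip it; makeEmailUriPolicy and its option names are hypothetical.

```javascript
// Hypothetical helper (not a Caja API): builds an object in the shape this
// example assumes Caja accepts as the second argument of caja.load().
function makeEmailUriPolicy(options) {
  const opts = options || {};
  const schemes = new Set(opts.allowedSchemes || ['https:', 'mailto:']);
  // null means "any host"; otherwise an exact-match allowlist of hostnames.
  const hosts = opts.allowedHosts ? new Set(opts.allowedHosts) : null;

  return {
    // Return the URI string to keep a link or image, undefined to strip it.
    rewrite: function (uri) {
      let parsed;
      try {
        // String() covers plain strings and URI objects with toString().
        parsed = new URL(String(uri));
      } catch (e) {
        // Relative or malformed: an email body has no trustworthy base URL.
        return undefined;
      }
      if (!schemes.has(parsed.protocol)) return undefined;
      if (parsed.protocol === 'mailto:') return parsed.href;
      // Reject https://trusted.example@other.example/ style lookalike links.
      if (parsed.username || parsed.password) return undefined;
      if (hosts && !hosts.has(parsed.hostname)) return undefined;
      return parsed.href;
    }
  };
}

// Assumed usage, mirroring the call in the thread:
// caja.load(document.getElementById('messagebox'), makeEmailUriPolicy(),
//   function (frame) { frame.code(contentUrl, 'text/html').run(); });
```

Passing allowedHosts limits every fetched or linked URI to the listed hostnames, which also stops remote images on other hosts from loading when the message is opened.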