On Fri, Apr 14, 2017 at 2:48 AM, felbus <[email protected]> wrote:
> caja.load(document.getElementById('messagebox'), undefined, function(frame) {
> frame.code(contentUrl, 'text/html').run();
> });
>
>
> When it is rendered on the page, the images and hrefs are all stripped
> out. So you cannot see images or click links.
>
> I am guessing this is the default behaviour to prevent attacks.
>
> My question is how do I allow these to be loaded so that the page is
> displayed as intended?
>
You need to specify the URI policy instead of undefined.
The simplest policy is caja.policy.net.ALL which will allow links and
images for all sites.
--
---
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
