I am trying to display an html email in a webpage using caja. I am loading it like this:
caja.load(document.getElementById('messagebox'), undefined, function(frame) {
frame.code(contentUrl, 'text/html').run();
});
When it renders, all anchor href and image src tags are stripped. So you cannot see images or click links. I am guessing this is the default behaviour to prevent attacks.
Is there a way to allow the html to be rendered as intended, displaying all images and having clickable links?
just starting using caja today and the links to api docs go to 404 so cannot find the info.
Thanks
Use this policy caja.policy.net.ALL instead of undefined when you call load