The Core Components Embed Component allows embedding external content in an AEM content page.
The Core Component Embed Component allows the content author to define selected external content to be embedded within an AEM content page. In addition, there is an option to define free-form HTML to be embedded as well.
This document describes v1 of the Embed Component, which was introduced with release 2.7.0 of the Core Components in September 2019.
This document describes v1 of the Embed Component.
For details of the current version of the Embed Component, see the Embed Component document.
To experience the Embed Component as well as see examples of its configuration options as well as HTML and JSON output, visit the Component Library.
The latest technical documentation about the Embed Component can be found on GitHub.
Further details about developing Core Components can be found in the Core Components developer documentation.
The configure dialog allows the content author to define the external resource to be embedded on the page. First choose which type of resource should be embedded:
For each type of embeddable, you can define ad ID. This option allows to control the unique identifier of the component in the HTML and in the Data Layer.
The simplest embed is the URL. Simply paste the URL of the resource you wish to embed in the URL field. The component will attempt to access the resource and if it can be rendered by one of the processors, it will display a confirmation message below the URL field. If not, the field will be marked in error.
The Embed Component ships with processors for the following types of resources:
Developers can add additional URL processors by following the developer documentation of the Embed Component.
Embeddables allow for more customization of the embedded resource, which can be parameterized and include additional information. An author is able to select from pre-configured trusted embeddables and the component ships with a YouTube embeddable out-of-the-box.
The Embeddable field defines the type of processor you want to use. In the case of the YouTube embeddable you can then define:
Note that the “enable” options must be activated through the Design Dialog and can be set as default values.
Other embeddables would offer similar fields and can be defined by a developer by following the developer documentation of the Embed Component.
Embeddables must be enabled at the template level via the Design Dialog to be available to the page author.
You can add free-form HTML to your page using the Embed Component.
Any unsafe tags such as scripts will be filtered from the entered HTML and will not be rendered on the resulting page.
The HTML markup that the author can enter is filtered for security purposes to avoid cross-site scripting attacks that could for example allow authors to gain administrative rights.
In general, all script and style
elements as well as all on*
and style
attributes will be removed from the output.
However the rules are more complicated because the Embed Component follows AEM’s global HTML AntiSamy sanitation framework filtering rule set, which can be found at /libs/cq/xssprotection/config.xml
. This can be overlaid for project-specific configuration by a developer if required.
Additional security information can be found in the AEM developer documentation for on-premise installations as well as AEM as a Cloud Service installations.
Although the AntiSamy sanitation framework rules can be configured by overlaying /libs/cq/xssprotection/config.xml
, these changes affect all HTL and JSP behavior and not just the Embed Core Component.
The design dialog allows the template author to define the options available to the content author who uses the Embed Component and the defaults set when placing the Embed Component.