Back to YAP Forum
0

_blank gets deleted & invalid bridge token

Hi,

I am creating a widget loosely based on the accordion example. The strange thing that happens is that in an a tag inside of the content that get's triggered by the accordion menu the target="_blank" attribute get's deleted. So the first shown accordion content has the _blank in it correctly, but once I switch it, href and class remain, but target gets stripped.
It also is deleted from the Small View in all cases (so even the first one).

Another problem is that I get the error message "Invalid bridge token" a lot. Either on a canvas page reload (without shift/ctrl) or if I use the browser back button to get back to the canvas page.

Any ideas?

Here are some snipplets of the code:
Accordion buttons:
<yml:a view="YahooFullView" params="accordion.php?expand='.$ck.'" replace="maincontent" >'.$cv.'</yml:a>
...
$html.='<a href="link.php" target="_blank" class="itemlinks">'.$productarray[$ck][$pk]['title'].'</a>';


Thanks,
Sebastian

by
Report Abuse
10 Replies
  • Regarding the _blank issue, I believe the problem there might be due to the caja client-side parser. When the accordion first renders the server-side cajoler is what sanitizes the code. When innerHTML calls are made (for instance by using a yml:a tag with an insert / replace parameter) the client-side parser sanitizes that code, and that sanitizer is quite a bit more strict about what you're doing. I'm going to run a few test cases to see if this is what is happening, and if so I'll file a bug as target should not be stripped. I'll see if there's a way of solving this after the return...I'll get back to you.

    For the invalid bridge token problem, I thought the bug for that should have been pushed in the most recent update (on Wednesday) to the platform, but if you are still seeing that right now let me know and I'll dig a bit more.

    Jonathan LeBlanc
    Senior Software Engineer
    Yahoo! Developer Network

    QUOTE (kiaqu @ Mar 26 2009, 01:11 PM) <{POST_SNAPBACK}>
    Hi,

    I am creating a widget loosely based on the accordion example. The strange thing that happens is that in an a tag inside of the content that get's triggered by the accordion menu the target="_blank" attribute get's deleted. So the first shown accordion content has the _blank in it correctly, but once I switch it, href and class remain, but target gets stripped.
    It also is deleted from the Small View in all cases (so even the first one).

    Another problem is that I get the error message "Invalid bridge token" a lot. Either on a canvas page reload (without shift/ctrl) or if I use the browser back button to get back to the canvas page.

    Any ideas?

    Here are some snipplets of the code:
    Accordion buttons:
    <yml:a view="YahooFullView" params="accordion.php?expand='.$ck.'" replace="maincontent" >'.$cv.'</yml:a>
    ...
    $html.='<a href="link.php" target="_blank" class="itemlinks">'.$productarray[$ck][$pk]['title'].'</a>';


    Thanks,
    Sebastian
    Report Abuse
    0
  • QUOTE (Jon @ Mar 27 2009, 09:55 AM) <{POST_SNAPBACK}>
    Regarding the _blank issue, I believe the problem there might be due to the caja client-side parser. When the accordion first renders the server-side cajoler is what sanitizes the code. When innerHTML calls are made (for instance by using a yml:a tag with an insert / replace parameter) the client-side parser sanitizes that code, and that sanitizer is quite a bit more strict about what you're doing. I'm going to run a few test cases to see if this is what is happening, and if so I'll file a bug as target should not be stripped. I'll see if there's a way of solving this after the return...I'll get back to you.

    For the invalid bridge token problem, I thought the bug for that should have been pushed in the most recent update (on Wednesday) to the platform, but if you are still seeing that right now let me know and I'll dig a bit more.

    Jonathan LeBlanc
    Senior Software Engineer
    Yahoo! Developer Network


    Thank you very much for looking into this.
    If it's any help: the same thing happened to <br /> tags. They also seem to be deleted by the client side parser.

    The invalid bridgeToken still happens for me. Also on a timeout on the canvas page, a simple reload fires another error: Missing or invalid request.

    Here is my application:
    http://apps.yahoo.com/-P1VMK87k/
    Report Abuse
    0
  • I just tested in IE7 & 8 and they both don't show the invalid bridgeToken error. Firefox still does it (with Firebug enabled or disabled) though.
    Report Abuse
    0
  • I was able to replicate some of this behavior...and I may have a solution. I'm not 100% sure this will work for what you're seeing but let's give it a try.

    What I saw was that caja was stripping attributes from the <a> tags when I used a relative url for the href, but when I used an absolute path everything was fine. Can you try to add an absolute url for the href (i.e. if it stays on the app something like: <a href="http://apps.yahoo.com/-{YOUR APP ID}/YahooFullView/accordion.php?expand=1" target="_blank" class="itemlinks">LINK HERE</a>

    I'll dig a little bit more into the invalid bridge token issue.

    - Jon

    QUOTE (kiaqu @ Mar 27 2009, 11:58 AM) <{POST_SNAPBACK}>
    I just tested in IE7 & 8 and they both don't show the invalid bridgeToken error. Firefox still does it (with Firebug enabled or disabled) though.
    Report Abuse
    0
  • QUOTE (Jon @ Mar 27 2009, 12:59 PM) <{POST_SNAPBACK}>
    I was able to replicate some of this behavior...and I may have a solution. I'm not 100% sure this will work for what you're seeing but let's give it a try.

    What I saw was that caja was stripping attributes from the <a> tags when I used a relative url for the href, but when I used an absolute path everything was fine. Can you try to add an absolute url for the href (i.e. if it stays on the app something like: <a href="http://apps.yahoo.com/-{YOUR APP ID}/YahooFullView/accordion.php?expand=1" target="_blank" class="itemlinks">LINK HERE</a>

    I'll dig a little bit more into the invalid bridge token issue.

    - Jon


    Thanks again.
    I used a <yml:a> for the accordion buttons and inside the accordion content normal <a> tags with the _blank that gets deleted. The latter one has an absolute, external URL. Do you suggest, I use a normal <a> for the accordion buttons and just replace the whole content instead of using the replace attribute? Would that work in the profile view?

    Sebastan
    Report Abuse
    0
  • Ok, so I just tested it and it seems to work in the Canvas View. But on the profile view it sends me to the Canvas View, which is not really what I wanted to do. So I might have to use different code for it.

    Also the target="_blank" is stripped in the profile view anyway. Is there a way to set links to blank in the profile box?

    Sebastian
    Report Abuse
    0
  • Hey Sebastian,

    I'll see if I can put together an implementation of the accordion sample with <a> tags within and post back what I can find out. For the issue of the yml:a tags linking you off to the canvas view, if you specify view="YahooSmallView" that should keep you on the small view (e.g. <yml:a view="YahooSmallView">).

    - Jon

    QUOTE (kiaqu @ Mar 27 2009, 02:14 PM) <{POST_SNAPBACK}>
    Ok, so I just tested it and it seems to work in the Canvas View. But on the profile view it sends me to the Canvas View, which is not really what I wanted to do. So I might have to use different code for it.

    Also the target="_blank" is stripped in the profile view anyway. Is there a way to set links to blank in the profile box?

    Sebastian
    Report Abuse
    0
  • QUOTE (Jon @ Mar 31 2009, 09:23 AM) <{POST_SNAPBACK}>
    Hey Sebastian,

    I'll see if I can put together an implementation of the accordion sample with <a> tags within and post back what I can find out. For the issue of the yml:a tags linking you off to the canvas view, if you specify view="YahooSmallView" that should keep you on the small view (e.g. <yml:a view="YahooSmallView">).

    - Jon


    Hi Jon,

    I really appreciate the time you put into this. I tried the YahooSmallView parameter, but it does not switch the accordion in small view at all. It sends out a GET request, but does not change anything. Maybe it's in the parameter encoding: Firebug shows this as part of the requested URL: &get_params=accordion.php%3Fexpand%3D6&debug=0

    With YahooFullView I can get the first switch to work, but then the canvas html is rendered, because the profile html is set with setSmallView. So then the links will be normal <a> tags instead of <yml:a>. Maybe I could work around that if I could check the state the tool is in (small or canvas), but I didn't find anything like that in the documentation. It's really getting more complicated than it should be...

    Sebastian
    Report Abuse
    0
  • Ok, I thought there might be something with the sample that was causing the problem but it appears that target is specifically removed from <a> tags in the small view. If a relative path is placed on the <a> tag it looks like the href is removed as well...so I was able to duplicate the functionality that you are seeing. yml:a tags do not support the target="_blank" property and I have not been able to find functionality for including this within <a> tags on the small view.

    I'll file a bug for the functionality but this change probably won't roll out within the next few weeks, so if you have an alternative I would use that. You could just let the <a> tags change the current page without the _blank.

    I'll let you know if I can find anything further.
    - Jon
    Report Abuse
    0
  • Ok, well I guess I'm back to square one then. I'll just have to live without the _blank attribute for now. :|
    Would be good if at least the bridge token error wouldn't show up...

    Thanks anyway,
    Sebastian
    Report Abuse
    0
Ask a Question

Recent Posts

in YAP