HTML Field Security in SharePoint Online

Requirement: Configure HTML Field Security in SharePoint Online

HTML Field Security in SharePoint Online:
IFrames can lead to JavaScript injection attack, hence We've a security precaution in SharePoint Online to allow embed scripts only from trusted domains. If you try to add embed script from any other site, You'll get an error message: "Embedding content from this website isn't allowed, but your admin can change this setting. They will need to add '' to the list of sites that are allowed."

Add Trusted Domain to HTML Field Security List:
SharePoint Online comes with a default list of web sites from which content can be displayed. You can add or remove sites in this list. To add a site to trusted sites list to embed IFrame, follow these steps:
  • Go to Your SharePoint Online Site Collection >> Site Settings >> Click on "HTML Field Security" under Site Collection Administration 
  • Set "Allow contributors to insert iframes only from the following domains" option. 
  • Add your custom video domain to the list and Click on "OK" to save your changes.
Please note, custom script must be turned ON to get "HTML Field Security" link in site settings! Use: "Set-SPOsite -DenyAddAndCustomizePages 0" to enable scripts for your SharePoint Online site. More info here: How to Enable Custom Scripts in SharePoint Online?

HTML Field Security in SharePoint Online using PowerShell?
As of today, There is no method to set safe domains in client object model. So, You can't configure the HTML Field security's trusted sites list through PowerShell. You have to manually do this settings from UI.
HTML Field Security in SharePoint Online HTML Field Security in SharePoint Online Reviewed by Salaudeen Rajack on April 28, 2018 Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.