
HTML Sanitizer src Attribute

DylanBlumenberg
Tera Expert

Hi all, I'm attempting to add to the HTML Sanitizer Config whitelist so it only allows iframe URLs from "https://scribehow.com/embed/". I have the HTML Sanitizer Config set to the following but it's not blocking other URLs? What am I doing wrong?

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
	initialize: function() {
	},
	
	HTML_WHITELIST : {
		globalAttributes: {
			attribute:[],
			attributeValuePattern:{}
		},
		iframe: {
			attribute: ["width", "height", "src", "frameborder", "allow", "allowfullscreen"],
			attributeValuePattern: {src: /^https:\/\/scribehow\.com\/embed\//}
		}
	},
	
	HTML_BLACKLIST : {
		globalAttributes: {},
	},
	
	getWhiteList : function() {
		return this.HTML_WHITELIST;
	},
	
	getBlackList : function() {
		return this.HTML_BLACKLIST;
	},
	
	type: 'HTMLSanitizerConfig'
};

 

1 ACCEPTED SOLUTION

I reached out to ServiceNow Support and they provided me with a src attribute that worked. The whitelist that worked for me is below.

HTML_WHITELIST : {
	globalAttributes: {
		attribute: [],
		attributeValuePattern: {}
	},
	iframe: {
		attribute: ["width", "height", "src", "frameborder", "allow", "allowfullscreen"],
		attributeValuePattern: {
			// allow only scribehow.com/embed with optional path/query
			src: "^https://scribehow.com/embed/.*$"
		}
	}
}
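
A regression check for the src allowlist pattern in the answer above, as an added example (not code from the post or from ServiceNow). It assumes the sanitizer treats the string as a regular expression that must match the whole attribute value, with JavaScript's RegExp standing in for the platform's engine; the sample URLs, the helper names and the STRICT_PATTERN variant are constructed for illustration.

```javascript
// Added example, not ServiceNow code: checks which iframe src values a
// candidate attributeValuePattern string accepts.
// Assumption: the sanitizer compiles the string as a regular expression and
// requires it to match the whole attribute value; JavaScript RegExp stands in.

// Pattern from the accepted solution on this page.
const PAGE_PATTERN = "^https://scribehow.com/embed/.*$";
// Stricter variant (assumption): dot escaped so it matches only a literal ".".
const STRICT_PATTERN = "^https://scribehow\\.com/embed/.*$";

// Constructed sample values with the result the allowlist is meant to give.
const SAMPLES = [
  { src: "https://scribehow.com/embed/Sample_Guide__abc123", allow: true },
  { src: "https://scribehow.com/embed/Sample_Guide?as=scrollable", allow: true },
  { src: "http://scribehow.com/embed/Sample_Guide", allow: false },
  { src: "https://scribehow.com/shared/Sample_Guide", allow: false },
  { src: "https://scribehow.com.example.net/embed/x", allow: false },
  { src: "https://example.net/?next=https://scribehow.com/embed/x", allow: false },
  { src: "https://scribehow-com/embed/x", allow: false },
];

function accepts(pattern, value) {
  // Wrap in ^(?:...)$ to model whole-value matching even if anchors are absent.
  return new RegExp("^(?:" + pattern + ")$").test(value);
}

// Returns the sample values where the pattern disagrees with the intent.
function mismatches(pattern, samples = SAMPLES) {
  return samples
    .filter((s) => accepts(pattern, s.src) !== s.allow)
    .map((s) => s.src);
}

console.log("page pattern mismatches:  ", mismatches(PAGE_PATTERN));
console.log("strict pattern mismatches:", mismatches(STRICT_PATTERN));
```

The one mismatch reported for the page's pattern comes from the unescaped `.`, which matches any character; whether the platform accepts the escaped form in this property should be confirmed on a sub-production instance before relying on it.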
