
Knowledge Articles using iFrames in Source Code keep committing from Update Set without src URL

Sean23
Tera Contributor

I am currently working on a Knowledge Base, where all of the Knowledge Articles in it are utilizing iFrames to display PDFs from SharePoint via Source Code in the Article Body. We have to migrate these KAs through our instances due to security constraints through Update Sets via Remote Instances. 

I have the Knowledge Articles in an Update Set which is being brought in correctly with the src="[URL]" in the iFrame source code and can view the URLs in there for these articles in each individual update. However, when I commit the Update Set, only the src portion is being removed from the iFrame in the Source Code of each KA.

 

For example:

In Development - 

<p><iframe style="width: 1765px; height: 993px;" title="Title of KA" src="https://google.com" width="1765" height="993" frameborder="0" allowfullscreen="allowfullscreen"></iframe></p>

 

In Test after commit -

<p><iframe style="width: 1765px; height: 993px;" title="Title of KA" width="1765" height="993" allowfullscreen="allowfullscreen"></iframe></p>

 

Does anyone know why the src URLs that actually have the PDFs for the iFrames keep getting removed entirely? Hoping to figure this out without having to make individual changes to each article as there are over 200 we created. Thanks for the help!

1 ACCEPTED SOLUTION

Community Alums
Not applicable

Hi @Sean23 ,

 

This might be due to the HTML Sanitizer Scripts present in the system as the <iframe> tag is not allowed due to possible vulnerability to cross domain attacks.

 

You need to modify the HTMLSanitizerConfig script include to whitelist iFrame tags.

SanjayG_0-1721172745859.png

This screenshot is OOTB config.

 

Update you need to do-

 

 

	HTML_WHITELIST : {
		globalAttributes: {
			attribute: [],
			attributeValuePattern: {}
		},
		iframe: {
			attribute: ["width", "height", "src", "frameborder", "allow", "allowfullscreen"],
			attributeValuePattern: {}
		},
	},

 

 

 

Know more about - https://docs.servicenow.com/bundle/washingtondc-platform-security/page/administer/security/concept/c...

 

If my response has resolved your query, please consider giving it a thumbs up and marking it as the correct answer!


Thanks & Regards,

Sanjay Kumar


2 REPLIES


Thanks, this looks to be where the loss of src is occurring. Someone else added in other RegEx there that does not match our URL format so will have to coordinate with them. Appreciate the help!
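
The following is an added example, not part of the thread and not ServiceNow's own sanitizer code: a stand-alone JavaScript model of the allowlist shape shown in the accepted answer, used to check which iframe attributes would survive when a `src` value pattern is present, as described in the last reply. The host `contoso.sharepoint.example`, the pattern, the function names and the assumption that `attributeValuePattern` maps an attribute name to a regex the whole value must match are all hypothetical.

```javascript
// Stand-alone model of an allowlist shaped like the HTML_WHITELIST entry in the
// answer. This is NOT ServiceNow's sanitizer. Assumption: attributeValuePattern
// maps an attribute name to a regex string the whole value must match.
const ALLOWLIST = {
  globalAttributes: { attribute: [], attributeValuePattern: {} },
  iframe: {
    attribute: ["width", "height", "src", "frameborder", "allow", "allowfullscreen"],
    // Constructed pattern: HTTPS URLs on one placeholder host only.
    attributeValuePattern: { src: "https://contoso\\.sharepoint\\.example/[^\\s\"'<>]*" }
  }
};

// Extract name="value" pairs from one opening tag (double-quoted values only).
function parseAttributes(openTag) {
  const attrs = [];
  const re = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(openTag)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] });
  }
  return attrs;
}

// Report which attributes the allowlist keeps and why the others are dropped.
function auditTag(tagName, openTag, allowlist) {
  const rule = allowlist[tagName];
  if (!rule || tagName === "globalAttributes") return { tagAllowed: false, kept: [], dropped: [] };
  const globals = allowlist.globalAttributes || { attribute: [], attributeValuePattern: {} };
  const names = rule.attribute.concat(globals.attribute);
  const patterns = Object.assign({}, globals.attributeValuePattern, rule.attributeValuePattern);
  const kept = [], dropped = [];
  for (const { name, value } of parseAttributes(openTag)) {
    if (!names.includes(name)) {
      dropped.push({ name, reason: "not in attribute list" });
    } else if (patterns[name] && !new RegExp("^(?:" + patterns[name] + ")$").test(value)) {
      dropped.push({ name, reason: "value does not match pattern" });
    } else {
      kept.push(name);
    }
  }
  return { tagAllowed: true, kept, dropped };
}

// Constructed samples: the first mirrors the iframe markup in the question.
const fromQuestion = '<iframe style="width: 1765px; height: 993px;" title="Title of KA" ' +
  'src="https://google.com" width="1765" height="993" frameborder="0" allowfullscreen="allowfullscreen">';
const trusted = '<iframe src="https://contoso.sharepoint.example/sites/kb/doc.pdf" width="1765" height="993">';

console.log(auditTag("iframe", fromQuestion, ALLOWLIST).dropped);
console.log(auditTag("iframe", trusted, ALLOWLIST).kept);
```

Running each article's iframe tag through a check like this before committing the Update Set shows which `src` values a given pattern would reject. Restricting `src` to the one trusted host, with the `/` required immediately after the host name, keeps the allowlist narrower than an empty `attributeValuePattern`.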