some iframe URLs are removed upon save of KB Article

Kevin
Tera Expert

Hello - thank you for reading this.

When I try to embed a video into a SN KB Article - the url in the iframe for *some* sites is removed when I save the document. The video displays and is playable until I save the KB article. Then it disappears and upon inspection of the source code the url has been removed. 

The Youtube video example Url is not removed, but the MS Stream is . Perhaps Security?

For example: 

Youtube Video
<p><iframe src="https://www.youtube.com/embed/PX3A7GLtFqM" width="560" height="315" allowfullscreen=""></iframe></p>

MS Stream Video
<p><iframe src="https://web.microsoftstream.com/embed/video/b32a8221-8a34-43be-b351-dfeef975c353" width="640" height="360"></iframe></p>

Further,
I have also tried to use the embed video html control - and this shows a grey video placeholder which has controls but it does not work to play back the video.

find_real_file.png

Has anyone else encountered this?

Any suggestions are welcome

1 ACCEPTED SOLUTION

Hi Kevin,

Try something like this:

 iframe: {
            attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
            attributeValuePattern: {}
        },

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

 

View solution in original post

8 REPLIES 8

Kevin
Tera Expert

Thanks @Thomas Hawinkels ,

I tried it again, in our DEV environment, and BOTH the Youtube & MSStream URLs are removed upon save. It must be the Sanitize settings.

I have added the iframe to the HTML_WHITELIST but this has not changed the behaviour. (See the HTMLSanitizerConfig below)

@Barry when you 'adjust the allow list' to prevent the URLs from being stripped, could  you tell me more about how you accomplished that? I cannot see / intuit how to do that with HTMLSanitizerConfig 

Thanks for all your help!

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
	initialize: function() {
	},
	
	HTML_WHITELIST : {
		globalAttributes: {
			attribute:[],
			attributeValuePattern:{}
		},
		iframe:{},
	},
	
	HTML_BLACKLIST : {
		globalAttributes: {},
	},
	
	getWhiteList : function() {
		return this.HTML_WHITELIST;
	},
	
	getBlackList : function() {
		return this.HTML_BLACKLIST;
	},
	
	type: 'HTMLSanitizerConfig'
}

Hi Kevin,

Try something like this:

 iframe: {
            attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
            attributeValuePattern: {}
        },

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

 

Kevin
Tera Expert

Thanks @Barry  this worked!

Excellent, great to hear Kevin.