some iframe URLs are removed upon save of KB Article

Kevin
Tera Expert

Hello - thank you for reading this.

When I try to embed a video into a SN KB Article - the url in the iframe for *some* sites is removed when I save the document. The video displays and is playable until I save the KB article. Then it disappears and upon inspection of the source code the url has been removed. 

The Youtube video example Url is not removed, but the MS Stream is . Perhaps Security?

For example: 

Youtube Video
<p><iframe src="https://www.youtube.com/embed/PX3A7GLtFqM" width="560" height="315" allowfullscreen=""></iframe></p>

MS Stream Video
<p><iframe src="https://web.microsoftstream.com/embed/video/b32a8221-8a34-43be-b351-dfeef975c353" width="640" height="360"></iframe></p>

Further,
I have also tried to use the embed video html control - and this shows a grey video placeholder which has controls but it does not work to play back the video.

find_real_file.png

Has anyone else encountered this?

Any suggestions are welcome

1 ACCEPTED SOLUTION

Hi Kevin,

Try something like this:

 iframe: {
            attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
            attributeValuePattern: {}
        },

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

 

View solution in original post

8 REPLIES 8

Allen Andreas
Administrator
Administrator

Hi,

I believe this is due to the fact that there's an "authentication layer" on top of the video. So if I just try to go to the URL right now that you've shared, I have to login, it's not public. Whereas the YouTube video is accessible.

If you can get the more direct link to the video, if possible, and/or review the ability to make the link "public", I think you'll have success.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

I am checking with my stakeholder if posting a bare URL to view the video in a new window (with authentication) is an acceptable User Experience.

Thanks for your reply.

Thomas Hawinkel
Tera Contributor

Just in case the authentication is not the issue, you might want to check if youtube as a src is allow-listed in the html-sanitizer while the MS url is not.

https://docs.servicenow.com/bundle/paris-servicenow-platform/page/administer/security/task/t_ConfigureHTMLSanitizer.html

Barry_W
Mega Guru

I suspect Thomas is correct. I've had exactly the same issue in the past, where the code is removed upon saving and we had to adjust the allow list.