some iframe URLs are removed upon save of KB Article

Go to solution
Kevin
Tera Expert

‎07-22-2022 08:08 AM

Hello - thank you for reading this.

When I try to embed a video into a SN KB Article - the url in the iframe for *some* sites is removed when I save the document. The video displays and is playable until I save the KB article. Then it disappears and upon inspection of the source code the url has been removed. 

The Youtube video example Url is not removed, but the MS Stream is . Perhaps Security?

For example: 

Youtube Video
<p><iframe src="https://www.youtube.com/embed/PX3A7GLtFqM" width="560" height="315" allowfullscreen=""></iframe></p>

MS Stream Video
<p><iframe src="https://web.microsoftstream.com/embed/video/b32a8221-8a34-43be-b351-dfeef975c353" width="640" height="360"></iframe></p>

Further,
I have also tried to use the embed video html control - and this shows a grey video placeholder which has controls but it does not work to play back the video.

find_real_file.png

Has anyone else encountered this?

Any suggestions are welcome

Labels:
Preview file
6 KB
  • 2,669 Views
1 ACCEPTED SOLUTION

Go to solution
Barry_W
Mega Guru
In response to Kevin

‎08-01-2022 09:33 AM

Hi Kevin,

Try something like this:

 iframe: {
            attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
            attributeValuePattern: {}
        },

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

 

View solution in original post

8 REPLIES 8

Go to solution
Allen Andreas
Administrator
Administrator

‎07-22-2022 08:18 AM

Hi,

I believe this is due to the fact that there's an "authentication layer" on top of the video. So if I just try to go to the URL right now that you've shared, I have to login, it's not public. Whereas the YouTube video is accessible.

If you can get the more direct link to the video, if possible, and/or review the ability to make the link "public", I think you'll have success.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Go to solution
Kevin
Tera Expert
In response to Allen Andreas

‎07-22-2022 10:21 AM

I am checking with my stakeholder if posting a bare URL to view the video in a new window (with authentication) is an acceptable User Experience.

Thanks for your reply.

0 Helpfuls

Go to solution
Thomas Hawinkel
Tera Contributor

‎07-25-2022 11:31 PM

Just in case the authentication is not the issue, you might want to check if youtube as a src is allow-listed in the html-sanitizer while the MS url is not.

https://docs.servicenow.com/bundle/paris-servicenow-platform/page/administer/security/task/t_ConfigureHTMLSanitizer.html

Go to solution
Barry_W
Mega Guru

‎07-26-2022 12:44 AM

I suspect Thomas is correct. I've had exactly the same issue in the past, where the code is removed upon saving and we had to adjust the allow list.

0 Helpfuls