some iframe URLs are removed upon save of KB Article

Kevin · ‎07-22-2022

Hello - thank you for reading this.

When I try to embed a video into a SN KB Article - the url in the iframe for *some* sites is removed when I save the document. The video displays and is playable until I save the KB article. Then it disappears and upon inspection of the source code the url has been removed.

The Youtube video example Url is not removed, but the MS Stream is . Perhaps Security?

For example:

Youtube Video
<p><iframe src="https://www.youtube.com/embed/PX3A7GLtFqM" width="560" height="315" allowfullscreen=""></iframe></p>

MS Stream Video
<p><iframe src="https://web.microsoftstream.com/embed/video/b32a8221-8a34-43be-b351-dfeef975c353" width="640" height="360"></iframe></p>

Further,
I have also tried to use the embed video html control - and this shows a grey video placeholder which has controls but it does not work to play back the video.

Has anyone else encountered this?

Any suggestions are welcome

Barry_W · ‎08-01-2022

Hi Kevin,

Try something like this:

iframe: {
attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
attributeValuePattern: {}
},

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

View solution in original post

Kevin · ‎07-27-2022

Thanks @Thomas Hawinkels ,

I tried it again, in our DEV environment, and BOTH the Youtube & MSStream URLs are removed upon save. It must be the Sanitize settings.

I have added the iframe to the HTML_WHITELIST but this has not changed the behaviour. (See the HTMLSanitizerConfig below)

@Barry when you 'adjust the allow list' to prevent the URLs from being stripped, could you tell me more about how you accomplished that? I cannot see / intuit how to do that with HTMLSanitizerConfig

Thanks for all your help!

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
	initialize: function() {
	},
	
	HTML_WHITELIST : {
		globalAttributes: {
			attribute:[],
			attributeValuePattern:{}
		},
		iframe:{},
	},
	
	HTML_BLACKLIST : {
		globalAttributes: {},
	},
	
	getWhiteList : function() {
		return this.HTML_WHITELIST;
	},
	
	getBlackList : function() {
		return this.HTML_BLACKLIST;
	},
	
	type: 'HTMLSanitizerConfig'
}

Barry_W · ‎08-01-2022

Hi Kevin,

Try something like this:

iframe: {
attribute: ["width", "height", "controls", "autoplay", "loop", "muted", "poster", "preload", "src", "allow", "allowfullscreen"],
attributeValuePattern: {}
},

I seem to recall we didnt have issues with youtube videos, but needed to adjust the sanitizer for videos from other sources.

Kevin · ‎08-03-2022

Thanks @Barry this worked!

Barry_W · ‎08-08-2022

Excellent, great to hear Kevin.