Pages

Tuesday, November 1, 2016

Usage of HTML field security in SharePoint Online and SharePoint 2013

Introduction

HTML field security in SharePoint (Office 365 and SharePoint 2013) controls inserting iframes on the pages of the particular site.

You can go to HTML Field Security by going to Setting Page and under “Site Collection Administration” you can find “HTML Field Security” option.

1

You can edit the page and select “Edit Source” from the ribbon in order to add iframe into a page.
3
Options

There are three options
2

Option 1. Do not permit contributors to insert iframes from external domains into pages on this site.

This blocks the contributors from adding iframes from external domains. When the users try to add an iframe through edit form they will get a notification saying “Warning: Some of your markup was stripped out. Try using the Embed command.
4
Option 2. Permit contributors to insert iframes from any external domain into pages on this site.
This option will lead the contributors to add iframes from any domain.
Option 3. Permit contributors to insert iframes from the following list of external domains into pages on this site: Allow iframes from this domain:
The contributors can add iframes from the domain given in the area. And also the subdomains of the given domain are trusted.

So this is how we use the HTML field security in SharePoint. But again let’s discuss some scenarios on HTML field security.

Scenario 01.

In the setting, Option 1 is selected and can I add an iframe to the page?

Yes you can. Add the iframe through “Script Editor” web part. Edit the page, go to insert and click “Embed Code”.
4
Scenario 02.

What will happen to the exiting iframes if the Option is set to 3?
Nothing will happen to the exiting iframes. It will continue to work.

Scenario 03.

What will happen to sub sites?

The setting in the site collection level will be applied to sub sites as well.