Embed everything in SharePoint 2013 Rich Text Editor

One of the new features in the SharePoint rich text editor is that now it is possible to embed external sources like Bing Maps, Vimeo videos, YouTube videos and other resources directly to the HTML content on an article page. In SharePoint 2010 html form web part or other special web parts needs to be used.

How it works

In the ribbon two buttons can be found to access the embedding feature. One can be found in the “Add audio and video” section the other is labeled with “Embed code”, both in the “Insert” group of the ribbon.

Embedding buttons in the ribbon

Embedding buttons in the ribbon

No matter which button will be used for embedding a YouTube, a modal dialog opens where the code for the embedding can be posted. Once the code has been added SharePoint provides a preview of the content that should be embedded.

Embedding dialog with preview

Embedding dialog with preview

After the submission the source will be added to the rich text editor as a so called “Snippet” that allows the position of the media or change the source of the embedded media.

Embedded sippet

Embedded sippet

As you see it’s now really easy to add external source to the content, but can be really embedded everything?

Embed everything or embed only allowed sources

Basically this new feature allows every iframe to be embedded, but allowing any iframe can lead to potentially scripting security problems. The good news here is that the allowed sources can be configured by a site collection administrator. The setting for this can be found in the site settings under site collection administration and is labeled as “HTML Field Security”. This offers the following configuration options:

  • Do not permit to add iframe from external external domain
  • Permit to add iframe from any external domain
  • Permit to add iframes from only the domains below
html field security settings

html field security settings

I think the last option is the most appropriate because it allows to manage what can be embedded. If something is missing from the list can be extended to support only trustful web sources.

Overall I think this is a great new feature for web content management and collaboration portals.