One of the new features in the SharePoint rich text editor is that now it is possible to embed external sources like Bing Maps, Vimeo videos, YouTube videos and other resources directly to the HTML content on an article page. In SharePoint 2010 html form web part or other special web parts needs to be used.
How it works
In the ribbon two buttons can be found to access the embedding feature. One can be found in the “Add audio and video” section the other is labeled with “Embed code”, both in the “Insert” group of the ribbon.
No matter which button will be used for embedding a YouTube, a modal dialog opens where the code for the embedding can be posted. Once the code has been added SharePoint provides a preview of the content that should be embedded.
After the submission the source will be added to the rich text editor as a so called “Snippet” that allows the position of the media or change the source of the embedded media.
As you see it’s now really easy to add external source to the content, but can be really embedded everything?
Embed everything or embed only allowed sources
Basically this new feature allows every iframe to be embedded, but allowing any iframe can lead to potentially scripting security problems. The good news here is that the allowed sources can be configured by a site collection administrator. The setting for this can be found in the site settings under site collection administration and is labeled as “HTML Field Security”. This offers the following configuration options:
- Do not permit to add iframe from external external domain
- Permit to add iframe from any external domain
- Permit to add iframes from only the domains below
I think the last option is the most appropriate because it allows to manage what can be embedded. If something is missing from the list can be extended to support only trustful web sources.
Overall I think this is a great new feature for web content management and collaboration portals.