By default, Pressbooks prohibits the use of iframes from most third-party media sources to prevent malicious users from embedding harmful content inside of a book. However, Pressbooks Network Managers can add trusted domains to an allowlist, allowing users to embed iframes from these external sites to their books. This chapter will cover:
Simply put, an Iframe is embedded media content (technically an “HTML element”) such as documents, videos, interactive content, media files from another webpage. Iframing allows for media content from other webpages to be displayed perfectly on your book. This is particularly useful for EDU institutions, who may want to bring in multi-media content from other educational websites.
This would effectively mean that any content from any site could be embedded into your Pressbooks book by using an Iframe. However, as mentioned at the top of this chapter, Pressbooks prohibits the use of Iframes from most domains by default in order to prevent harmful content from being embedded. This chapter will explain how to allow specific domains so that Iframing content from those sites will be possible.
NOTE: Some domains do not have to be manually entered into the Allowlist in order for their content to be embeddable. WordPress automatically support oEmbeds for certain providers (which applies to Pressbooks, as it is built on top of WordPress) which have been deemed as ‘safe’ across all WordPress platforms. The list of these domains can be found on the WordPress support page.
In the case of the domains found on the WordPress page above (ex. Youtube), you can copy the URL from your browser, paste it into your book on Pressbooks, and the content will embed automatically without having to make any manual adjustments.
Until a media source is allowlisted, no user with permissions lower than Network Manager can embed that content into their Pressbooks books using an iframe embed code. However, Network Managers can allowlist an iframe source at any time from their Network Admin Dashboard. More detailed instructions for doing so can be found here.
- Navigate to the Pressbooks Network Admin Dashboard
- From the left sidebar menu, select Settings > Network Options
- Select the ‘Network Defaults’ tab and paste in the domain or path that you intend to allow into the Iframe Allowlist form. Guidelines for the expected input format are included below the input field.
- Click Save Changes
Once you have saved changes to your iframe allowlist, any iframe whose src attribute matches a domain or path on your allowlist will pass through our security filter and can be added to a book by any user on the network.
Please note that content cloned from other networks may include iframes from sources which have not been allowed on your network. If this is the case, these iframes will not display in the cloned book.
Some media sources have been vetted and added to our global Pressbooks allowlist. These are media sources we’ve deemed to be safe. Iframes from globally allowed sources can be embedded on any Pressbooks network by any user.
Because iframes can be used to embed malicious content into a book, they can pose a potential risk to readers on your network, especially when they come from sources which have not been properly vetted. We simply caution network managers to only allow iframes to be embedded from trusted media sources.
This feature allows users to add interactive media to a book from anywhere on the internet as long as a network manager has allowlisted it across the network, including media sources that the Pressbooks team isn’t familiar with. We’re happy to offer this feature, but we are unable to offer technical support for any bugs that affect media from network manager-allowlisted sources.
You can safely embed all sorts of media in Pressbooks not mentioned in this chapter. Pressbooks is compatible with any media that supports oEmbed. For more on embedded media and oEmbed content, check out the Embedded Media & Interactive Content chapter in our user guide.