7 Network Iframe Allowlist

By default, Pressbooks prohibits the use of iframes from most third-party media sources to prevent malicious users from embedding harmful content inside of a book. However, Pressbooks Network Managers can add trusted domains to an allowlist, allowing users to embed iframes from these external sites in their books. This chapter will cover:

What is an Iframe? When does media need to be Iframed?

Simply put, an Iframe is an “HTML element” that embeds media content from another webpage, such as documents, videos, interactive content, or media files. Iframing allows media content from other webpages to be displayed perfectly in your book. This is particularly useful for EDU institutions, which may want to bring in multimedia content from other educational websites.

Without restrictions, this would effectively mean that any content from any site could be embedded into your Pressbooks book by using an Iframe. However, as mentioned at the top of this chapter, Pressbooks prohibits the use of Iframes from most domains by default in order to prevent harmful content from being embedded. This chapter will explain how to allow specific domains so that Iframing content from those sites will be possible.

NOTE: Some domains do not have to be manually entered into the Allowlist in order for their content to be embeddable. WordPress automatically supports oEmbeds for certain providers which have been deemed ‘safe’ across all WordPress platforms, and this applies to Pressbooks, as it is built on top of WordPress. The list of these domains can be found on the WordPress support page.

In the case of the domains found on the WordPress page above (e.g. YouTube), you can copy the URL from your browser, paste it into your book on Pressbooks, and the content will embed automatically without having to make any manual adjustments.

How to Allowlist an Iframe Source

Until a media source is allowlisted, no user with permissions lower than Network Manager can embed that content into their Pressbooks books using an iframe embed code. However, Network Managers can allowlist an iframe source at any time from their Network Admin Dashboard. More detailed instructions for doing so can be found here.

  1. Navigate to the Pressbooks Network Admin Dashboard
  2. From the left sidebar menu, select Settings > Network Options
  3. Select the ‘Network Defaults’ tab and paste in the domain or path that you intend to allow into the Iframe Allowlist form. Guidelines for the expected input format are included below the input field.
    Figure: The Iframe Allowlist setting
  4. Click Save Changes

NOTE: Each separate domain or path you wish to allow should be entered on its own line in the input field. An allowed domain or path must match the iframe URL exactly in order for the iframe to properly embed and display.

Once you have saved changes to your iframe allowlist, any iframe whose src attribute matches a domain or path on your allowlist will pass through our security filter and can be added to a book by any user on the network.

Please note that content cloned from other networks may include iframes from sources which have not been allowed on your network. If this is the case, these iframes will not display in the cloned book.
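
The matching behaviour described above can be checked before publishing or cloning a book. The following is an added illustration, not Pressbooks' own filter: it lists which iframes in a chapter's HTML would pass a given allowlist, assuming exact host comparison and whole-segment path matching. The hosts, allowlist lines and sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (hypothetical hosts): allowlist text, one entry per line,
ALLOWLIST = "media.example.edu\nvideos.example.org/embed\n"
SAMPLE_CHAPTER = """
<iframe src="https://media.example.edu/player/42"></iframe>
<iframe src="https://videos.example.org/embed/abc"></iframe>
<iframe src="https://videos.example.org/embedded/abc"></iframe>
<iframe src="https://media.example.edu.other.example/player/42"></iframe>
<iframe src="https://other.example/?ref=media.example.edu"></iframe>
"""

def parse_allowlist(text):
    """Turn allowlist lines into (host, path) pairs; bare domains get path ''."""
    entries = []
    for line in text.splitlines():
        line = line.strip().split("://", 1)[-1].rstrip("/")  # tolerate a scheme
        host, _, path = line.partition("/")
        if host:
            entries.append((host.lower(), "/" + path if path else ""))
    return entries

def src_allowed(src, entries):
    """Assumed rule: exact host match, path matched on whole segments."""
    try:
        url = urlsplit(src.strip())
    except ValueError:
        return False  # malformed URL: fail closed
    host, path = url.hostname, url.path  # hostname drops any user@ part and port
    if url.scheme not in ("http", "https") or not host or ".." in path.split("/"):
        return False
    return any(host == h and (not p or path == p or path.startswith(p + "/"))
               for h, p in entries)

class IframeCollector(HTMLParser):
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.srcs.append(dict(attrs).get("src") or "")

def audit(html, allowlist_text):
    entries = parse_allowlist(allowlist_text)
    collector = IframeCollector()
    collector.srcs = []
    collector.feed(html)
    return [(src, src_allowed(src, entries)) for src in collector.srcs]

for src, ok in audit(SAMPLE_CHAPTER, ALLOWLIST):
    print("ALLOW" if ok else "BLOCK", src)
```

Only the first two sample iframes pass. The lookalike path, the lookalike host and the URL that merely mentions an allowed domain in its query string are blocked, which is why entries should be compared as parsed host and path rather than as substrings.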

The Pressbooks Global Allowlist

Some media sources have been vetted and added to our global Pressbooks allowlist. These are media sources we’ve deemed to be safe. Iframes from globally allowed sources can be embedded on any Pressbooks network by any user.

What Media Should be Allowlisted

Because iframes can be used to embed malicious content into a book, they can pose a potential risk to readers on your network, especially when they come from sources which have not been properly vetted. We simply caution network managers to only allow iframes to be embedded from trusted media sources.

Support for Allowlisted Media

This feature allows users to add interactive media to a book from anywhere on the internet as long as a network manager has allowlisted it across the network, including media sources that the Pressbooks team isn’t familiar with. We’re happy to offer this feature, but we are unable to offer technical support for any bugs that affect media from network manager-allowlisted sources.

Pressbooks can only offer technical support for issues with media that have been globally allowed across all networks or are related to supported plugins on our platform.

More on Embedded Media

You can safely embed all sorts of media in Pressbooks not mentioned in this chapter. Pressbooks is compatible with any media that supports oEmbed. For more on embedded media and oEmbed content, check out the Embedded Media & Interactive Content chapter in our user guide.



The Pressbooks Network Manager's Guide by Pressbooks is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
