6 Network Iframe Whitelist

By default, Pressbooks prohibits the use of iframes from most third-party media sources to prevent malicious users from embedding harmful content inside of a book. However, Pressbooks Network Managers can add trusted domains to a whitelist, allowing users to embed iframes from these external sites to their books. This chapter will cover:

How to Whitelist an Iframe Source

Until a media source is whitelisted, no user with permissions lower than Network Manager can embed that content into their Pressbooks books using an iframe embed code. However, Network Managers can whitelist an iframe source at any time from their Network Admin Dashboard. Follow these steps:

  1. Navigate to the Pressbooks Network Admin Dashboard
  2. From the left sidebar menu, select Settings > Sharing & Privacy
    Navigate to the Sharing & Privacy page
  3. Paste in the domain or path that you intend to whitelist into the Iframe Whitelist form. Guidelines for the expected input format are included below the input field.
    Iframe Whitelist page
  4. Click Save Changes 
NOTE: Each separate domain or path you wish to whitelist should be entered on its own line in the input field. A whitelisted domain or path must match the iframe URL exactly in order for the iframe to properly embed and display.

Once you have saved changes to your iframe whitelist, any iframe whose src attribute matches a domain or path on your whitelist will pass through our security filter and can be added to a book by any user on the network. Please note that content cloned from other networks may include iframes from sources which have not been whitelisted on your network. If this is the case, these iframes will not display in the cloned book.

The Pressbooks Global Whitelist

Some media sources have been vetted and added to our global Pressbooks whitelist. These are media sources we’ve deemed to be safe. Iframes from globally whitelisted sources can be embedded on any Pressbooks network by any user.

What Media Should be Whitelisted

Because iframes can be used to embed malicious content into a book, they can pose a potential risk to readers on your network, especially when they come from sources which have not been properly vetted. We simply caution network managers to only whitelist trusted media sources.

Support for Whitelisted Media

This feature allows users to add interactive media to a book from anywhere on the internet as long as a network manager has whitelisted it across the network, including media sources that the Pressbooks team isn’t familiar with. We’re happy to offer this feature, but we are unable to offer technical support for any bugs that affect media from network manager-whitelisted sources.

Pressbooks can only offer technical support for issues with media that have been globally whitelisted across all networks or are related to supported plugins on our platform.

More on Embedded Media

You can safely embed all sorts of media in Pressbooks not mentioned in this chapter. Pressbooks is compatible with any media that supports oEmbed. For more on embedded media and oEmbed content, check out the Embedded Media & Interactive Content chapter in our user guide.

License

Icon for the Creative Commons Attribution 4.0 International License

The Pressbooks Network Manager's Guide by Pressbooks is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book