By default, Pressbooks prohibits the use of iframes from most third-party media sources in order to prevent malicious users from embedding harmful content inside of a book. However, Pressbooks Network Managers can whitelist iframes from media sources that they trust. This chapter will cover:
Until a media source is whitelisted, no user with permissions lower than Network Manager can embed that content into their Pressbooks books using the iframe embed code. However, Network Managers can whitelist an iframe source at any time from their Network Admin Dashboard. Follow these steps:
- Navigate to the Pressbooks Network Admin Dashboard
- From the left sidebar menu, select Settings > Sharing & Privacy
- Paste in the domain or path that you intend to whitelist into the Iframe Whitelist form
- Click Save Changes
Afterward, iframes that match the added domain or path can be added to a book by any user on the network. Please note that in order for the whitelist form to work you should only enter one domain or path per line. Also note that media cloned from another network may include iframes not whitelisted on your network.
Some media sources have been vetted and added to our global Pressbooks whitelist. These are media sources we’ve deemed to be safe. Iframes from globally whitelisted sources can be embedded on any Pressbooks network by any user.
Iframes can pose a potential risk to readers on your network when they have not been properly vetted. Iframes can be used to embed malicious content into a book, which can transmit viruses to readers.
We simply caution network managers to only whitelist trusted media sources.
You can safely embed all sorts of media in Pressbooks not mentioned in this chapter. Pressbooks is compatible with any media that supports oEmbed. For more on embedded media and oEmbed content, check out the Embedded Media & Interactive Content chapter in our user guide.