I have some problems with adding an iframe through the REST API. We have tested with various URLs, and most result in the whole src attribute being filtered out. Youtube is not filtered out, so we have successfully added a Youtube iframe through the REST API.
We suspected that that this would have to do with the "Safe HTML Filter for Content Editor / Safe HTML Policies" feature, and added a new white-listed regex for the src attribute. Using the "test policy" function, we were able to confirm that it no longer should filter out the iframe src attribute. We were also able to add the iframe as HTML content using the content editor in a course.
However, this still fails when adding the same body through the REST API. Does the REST API use other filter mechanisms, or is there something else we should think of?
- Course Delivery (3100.0.0-rel.107+401e22b)
- Community Engagement (3100.0.0-rel.107+401e22b)
- Content Management (3100.0.0-rel.107+401e22b)