AnsweredAssumed Answered

safe HTML iframe - policy whitelist not working

Question asked by ryans on Aug 23, 2018
Latest reply on Sep 24, 2018 by ryans

Hi!  I have a mashup that inserts iframes, and it works for most BlackBoard environments I have tried it with.  Usually, I need to add a whitelist item to the safe HTML policy XML file, like this  (just a snippet):

 

 

<tag name="iframe" action="validate">
<attribute name="align" />
<attribute name="frameborder" />
<attribute name="height" />
<attribute name="longdesc" />
<attribute name="marginheight" />
<attribute name="marginwidth" />
<attribute name="name" />
<attribute name="scrolling" />
<attribute name="src">
<regexp-list>
<regexp value="/webapps/osv-kaltura-[A-Za-z0-9_]+/content/iframe.jsp" />
<regexp value="/webapps/wvms-bb-[A-Za-z0-9_]+/vtbe_va.*" />
<regexp value="https://app.mywhitelistentry.com/.*" />
<regexp value="https://app.myotherwhitelistentry.com/.*" />
<regexp value="http[s]?://.*.slidesharecdn.com/.*" />
<regexp value="http[s]?://www.slideshare.net/.*" />
<regexp value="http[s]?://[A-Za-z0-9\.]*vimeo.com/.*" />
<regexp value="http[s]?://[A-Za-z0-9\.]*youtube-nocookie.com/.*" />
<regexp value="http[s]?://[A-Za-z0-9\.]*youtube.be/.*" />
<!-- ... and so on ... -->
</regexp-list>
</attribute>
<attribute name="width" />
</tag>

 

I'm working with a school currently where this *isn't working*.  Even though the policy containing the above XML is active, the safe HTML tool is still stripping out the embedded page from app.mywhitelistentry.com/embed/stuff.  Is there something else I may be missing?

 

My only guesses where that the staff member I'm working with is on a non-production BlackBoard environment, or something, but that doesn't seem to be the case.

Outcomes