IntroductionHTML field security in SharePoint (Office 365 and SharePoint 2013) controls inserting iframes on the pages of the particular site.
You can go to HTML Field Security by going to Setting Page and under “Site Collection Administration” you can find “HTML Field Security” option.
You can edit the page and select “Edit Source” from the ribbon in order to add iframe into a page.
There are three options
This blocks the contributors from adding iframes from external domains. When the users try to add an iframe through edit form they will get a notification saying “Warning: Some of your markup was stripped out. Try using the Embed command.”
Option 2. Permit contributors to insert iframes from any external domain into pages on this site.
This option will lead the contributors to add iframes from any domain.Option 3. Permit contributors to insert iframes from the following list of external domains into pages on this site: Allow iframes from this domain:
The contributors can add iframes from the domain given in the area. And also the subdomains of the given domain are trusted.So this is how we use the HTML field security in SharePoint. But again let’s discuss some scenarios on HTML field security.
In the setting, Option 1 is selected and can I add an iframe to the page?
Yes you can. Add the iframe through “Script Editor” web part. Edit the page, go to insert and click “Embed Code”.
Nothing will happen to the exiting iframes. It will continue to work.
What will happen to sub sites?
The setting in the site collection level will be applied to sub sites as well.