Blocking external iframe embedding via powershell

Spencer Cooper 201

Hello,

I am trying to write a script that automatically changes the html field security settings to block external iframe embedding.

I've googled some guides and tried the attached code. But as you can see it keeps erroring out. Any ideas on how to fix it?

Accepted answer

Spencer Cooper 201 Reputation points

2021-09-22T07:16:05.733+00:00

For anyone else who has this problem I figured out the solution was due to different .dll's used for sharepoint vs sharepoint online.

Working code for sharepoint online is:

$SiteURL = "Your URL Here"
Connect-PnPOnline -Url $SiteURL -UseWebLogin
$Site = Get-PnPSite -Includes CustomScriptSafeDomains

This allows for any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::AllowedDomains;

This blocks any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::None;
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

1 additional answer

Rich Matheisen 44,621 Reputation points

2021-09-21T18:25:06.13+00:00

I don't have SharePoint, but it looks like you need to use the Add-Type cmdlet to load the Microsoft.Sharepoint assembly.
Please sign in to rate this answer.
Spencer Cooper 201 Reputation points

2021-09-21T18:30:55.71+00:00

Do you know how I would go about adding that as code specifically?

the property that i am trying to use can be found here:
https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-server/jj173375(v=office.15)?redirectedfrom=MSDN

Rich Matheisen 44,621 Reputation points

2021-09-21T19:42:06.413+00:00

It should be enough to use the path to the DLL. If I knew where the DLL was I'd tell you!

Add-Type "C:\<path>\Microsoft.SharePoint.dll

What you're trying to get is the value associated with the name "None". You might be able to just use the values directly:

Member name Description
None No external script safe iframes can be embedded by contributors in HTML fields. Value = 0.
AllowedDomains External script safe iframes can only be embedded by contributors in HTML fields by allowed domains. Value = 1.
All All external script safe iframes can be embedded by contributors in HTML fields. Value = 2.

Spencer Cooper 201 Reputation points

2021-09-21T20:14:03.663+00:00

I'm starting to believe I am using the wrong types... I'm using sharepoint online and that type was for sharepoint server.... need to try and find the equivalent usage for sharepoint online... I know I need to change to Microsoft.Sharepoint.Client.ScriptSafeExternalEmbedding but not sure what the alternate use case of .allowexternalembedding would be

Rich Matheisen 44,621 Reputation points

2021-09-21T21:15:11.18+00:00

Have you tried [Microsoft.Sharepoint.Client.ScriptSafeExternalEmbedding]::None

Spencer Cooper 201 Reputation points

2021-09-21T21:29:12.11+00:00

yeah that part works,
but now the $site.allowexternalembedding isn't a recognizable object... not sure what the replacement of allowexternalembedding would be

Rich Matheisen 44,621 Reputation points

2021-09-21T21:40:00.1+00:00

Are you saying that the $site variable doesn't contain SharePoint site? Or that the property AllowExternalEmbedding doesn't exist in the $site object?

Spencer Cooper 201 Reputation points

2021-09-21T22:46:48.813+00:00

I'm saying I don't think AllowExternalEmbedding isn't an object within the cmos of sharepoint online , most likely it goes by another name
Sign in to comment

Blocking external iframe embedding via powershell

This allows for any domain

This blocks any domain

1 additional answer