question

RowdeyCooper-5247 avatar image
0 Votes"
RowdeyCooper-5247 asked AllenXu-MSFT edited

Blocking external iframe embedding via powershell

Hello,

I am trying to write a script that automatically changes the html field security settings to block external iframe embedding.

I've googled some guides and tried the attached code. But as you can see it keeps erroring out. Any ideas on how to fix it?134199-134040-error.jpg


office-sharepoint-onlinewindows-server-powershell
134040-error.jpg (130.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RowdeyCooper-5247 avatar image
1 Vote"
RowdeyCooper-5247 answered

For anyone else who has this problem I figured out the solution was due to different .dll's used for sharepoint vs sharepoint online.

Working code for sharepoint online is:

$SiteURL = "Your URL Here"
Connect-PnPOnline -Url $SiteURL -UseWebLogin
$Site = Get-PnPSite -Includes CustomScriptSafeDomains

This allows for any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::AllowedDomains;

This blocks any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::None;

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichMatheisen-8856 avatar image
0 Votes"
RichMatheisen-8856 answered RowdeyCooper-5247 commented

I don't have SharePoint, but it looks like you need to use the Add-Type cmdlet to load the Microsoft.Sharepoint assembly.

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Do you know how I would go about adding that as code specifically?

the property that i am trying to use can be found here:
https://docs.microsoft.com/en-us/previous-versions/office/sharepoint-server/jj173375(v=office.15)?redirectedfrom=MSDN

0 Votes 0 ·

It should be enough to use the path to the DLL. If I knew where the DLL was I'd tell you!

 Add-Type "C:\<path>\Microsoft.SharePoint.dll

What you're trying to get is the value associated with the name "None". You might be able to just use the values directly:

Member name Description
None No external script safe iframes can be embedded by contributors in HTML fields. Value = 0.
AllowedDomains External script safe iframes can only be embedded by contributors in HTML fields by allowed domains. Value = 1.
All All external script safe iframes can be embedded by contributors in HTML fields. Value = 2.

0 Votes 0 ·

I'm starting to believe I am using the wrong types... I'm using sharepoint online and that type was for sharepoint server.... need to try and find the equivalent usage for sharepoint online... I know I need to change to Microsoft.Sharepoint.Client.ScriptSafeExternalEmbedding but not sure what the alternate use case of .allowexternalembedding would be

0 Votes 0 ·
Show more comments