Blocking external iframe embedding via powershell

Question

Blocking external iframe embedding via powershell

Spencer Cooper 11

Hello,

I am trying to write a script that automatically changes the html field security settings to block external iframe embedding.

I've googled some guides and tried the attached code. But as you can see it keeps erroring out. Any ideas on how to fix it?

2 answers

Your answer

Answer 1

For anyone else who has this problem I figured out the solution was due to different .dll's used for sharepoint vs sharepoint online.

Working code for sharepoint online is:

$SiteURL = "Your URL Here"
Connect-PnPOnline -Url $SiteURL -UseWebLogin
$Site = Get-PnPSite -Includes CustomScriptSafeDomains

This allows for any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::AllowedDomains;

This blocks any domain

$site.AllowExternalEmbeddingWrapper = [Microsoft.SharePoint.Client.ScriptSafeExternalEmbedding]::None;

Answer 2

Rich Matheisen 47,901

I don't have SharePoint, but it looks like you need to use the Add-Type cmdlet to load the Microsoft.Sharepoint assembly.

Spencer Cooper 11 Reputation points

2021-09-21T18:30:55.71+00:00

Do you know how I would go about adding that as code specifically?

the property that i am trying to use can be found here:
https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-server/jj173375(v=office.15)?redirectedfrom=MSDN
Rich Matheisen 47,901 Reputation points

2021-09-21T19:42:06.413+00:00
It should be enough to use the path to the DLL. If I knew where the DLL was I'd tell you!

Add-Type "C:\<path>\Microsoft.SharePoint.dll

What you're trying to get is the value associated with the name "None". You might be able to just use the values directly:

Member name Description
None No external script safe iframes can be embedded by contributors in HTML fields. Value = 0.
AllowedDomains External script safe iframes can only be embedded by contributors in HTML fields by allowed domains. Value = 1.
All All external script safe iframes can be embedded by contributors in HTML fields. Value = 2.
Spencer Cooper 11 Reputation points

2021-09-21T20:14:03.663+00:00

I'm starting to believe I am using the wrong types... I'm using sharepoint online and that type was for sharepoint server.... need to try and find the equivalent usage for sharepoint online... I know I need to change to Microsoft.Sharepoint.Client.ScriptSafeExternalEmbedding but not sure what the alternate use case of .allowexternalembedding would be
Rich Matheisen 47,901 Reputation points

2021-09-21T21:15:11.18+00:00

Have you tried [Microsoft.Sharepoint.Client.ScriptSafeExternalEmbedding]::None
Spencer Cooper 11 Reputation points

2021-09-21T21:29:12.11+00:00

yeah that part works,
but now the $site.allowexternalembedding isn't a recognizable object... not sure what the replacement of allowexternalembedding would be
Rich Matheisen 47,901 Reputation points

2021-09-21T21:40:00.1+00:00

Are you saying that the $site variable doesn't contain SharePoint site? Or that the property AllowExternalEmbedding doesn't exist in the $site object?
Spencer Cooper 11 Reputation points

2021-09-21T22:46:48.813+00:00

I'm saying I don't think AllowExternalEmbedding isn't an object within the cmos of sharepoint online , most likely it goes by another name

Share via

Blocking external iframe embedding via powershell

2 answers

This allows for any domain

This blocks any domain

Your answer