HTML Field Security is a new feature in SharePoint 2013. Through this feature a SharePoint site collection administrators can control what content is allowed to embed within iframe. Within iframes admin can show embed dynamic contents from other sites such as videos or maps on any SharePoint site with the helps of Content editor web part
But any external domains such as youtube that you want to insert in a iframe should added as approved domains in HTML field security.
By default following external domains has been put already in the approved list to use in iframe.
If you want to add or remove any new external domain, then you can do so by using HTML Field Security page. Follow below steps:
Go to top level Site settings, then click on HTML Field security under Site Collection Administration as shown in the fig below:
There it ask for 3 option:
- Do not permit contributors to insert iframes from external domains into pages on this site. If you chose this option, then you will not be able to insert iframes from external domains. When you will try to do show it will show error message like The embed code is invalid because the source of the embed content is not allowed.
- Permit contributors to insert iframes from any external domain into pages on this site. If you chose this option, then user can insert iframes from any external domain.
- Permit contributors to insert iframes from the following list of external domains into pages on this site: If you chose this option, then user will be able to add iframes from the selected approved domains. Here if you want to approve a new domain, then you can put the name and then click on ADD like below: