Under site collection settings there is an entry for HTML field security.
We can dictate what domains are safe regarding embedded content
When a user tries to embed code in an editable region they will get the following error if the domain isn't set in the HTML field security
However, note that the error tells the user of an alternate way to embed the code using the embed command.
So now if the user chooses embed from the ribbon
It appears that the HTML security is bypassed!!!!!
Definitely one to watch, especially if this still appears in the RTM version
No comments:
Post a Comment