Adding content to SharePoint’s Online Modern sites is easily done using SharePoint’s built in “Embed” web part. The Webpart does have a few limitations though. Firstly, the default behaviour for displaying external content is only limited to sites that have been added to the “Secure Sites” list. And, although site administrators are able to control what external content is allowed on the site, all new external domains must be explicitly added by administrators to the Secure Sites List each time.

If an external domain is not added to this list, and if content from an external unsafe domain is embedded within the site, the site would throw an error.

Error Scenarios:

  • When content is embedded from an external domains within an iframe or an embed app part, the SharePoint Page will error if the domain is not listed under the HTML Field Security.

We recently wanted to enable content from external portals on a few hundred SharePoint sites for a customer. Manually adding these sites to the secure list would have been feasible if there were a handful. But for this scenario for a few hundred sites, I had to write a script using SharePoint’s client object model.

Problem Case

A User is prompted with an error “Embedding content from this website isn’t allowed” within the Embed Webpart for all domains that have not been listed under the safe domain list.


To fix the error prompted above, add the site manually under site settings configurations.

Site Settings >> Html Field Security >> Add Domain to the list and save.

In order to add content to all site collections, we need to implement a script that can iterate the entire Site Collection and leverage the “Script Safe Domain Entity Data” class to add sites to the HTML Field Security.

This class has been recently introduced and can be found in the CSOM package 16.1.7521.1200 or greater. Please ensure your package is updated to the version mentioned.

I have added the code snippet below for adding the Script Safe Domain Entity Data to SharePoint Online.

Code Snippet

The Tenant Administration library (Microsoft Online SharePoint Tenant Administration) is referenced to get a SharePoint tenant context that loads a list of all Site Collections within the tenant. The external domain is then added to the safe domain list for all sites.

Hope this script can be helpful 🙂

, ,