Forum Discussion
HTML Field Security - Group Sites
This relates on the "noscript" or script capability support. You would get similar result when noscript would be enabled on classic team site. Here's the pointer from the following support article.
HTML Field Security - No longer available in Library Settings. - You can still use HTML field security that you set up before scripting was disabled.
Using iFrame has been classicfied as JavaScript injection security challenge and it's disabled for the content areas when noscript is enabled. NoScript setting is enabled by default for Office 365 Groups / Modern team sites and you cannot disable that. When site has scripting capabilities disabled, all scenarios where user can inject script to be executed on behalf of the user, without administrative concent, are being disabled. Custom SharePoint Framework web parts are approved by administrator(s), so they do work on the modern sites.
MicrosoftThis relates on the "noscript" or script capability support. You would get similar result when noscript would be enabled on classic team site. Here's the pointer from the following support article.
HTML Field Security - No longer available in Library Settings. - You can still use HTML field security that you set up before scripting was disabled.
Using iFrame has been classicfied as JavaScript injection security challenge and it's disabled for the content areas when noscript is enabled. NoScript setting is enabled by default for Office 365 Groups / Modern team sites and you cannot disable that. When site has scripting capabilities disabled, all scenarios where user can inject script to be executed on behalf of the user, without administrative concent, are being disabled. Custom SharePoint Framework web parts are approved by administrator(s), so they do work on the modern sites.
VesaJuvonen or anyone else that may be able to help, is my understanding correct, that we can acheive what we need by creating a Custom SharePoint Framework web part?
I haven't been able to find much info regarding this, could you point me to a tutorial how we could acheive this?
Appreciate it.
Thanks
I just got a response from Microsoft Support and they were able to provide a method to resolve this.
Connect to sharepoint online powershell:
connect-sposervice -url https://YourTenant-admin.sharepoint.com
set-sposite https://yourTenant.sharepoint.com/sites/GroupSiteUrl -DenyAddAndCustomizePages $false
Then, navigate directly to the settings page for the group and you will see the 'HTML Field Security' option which you can modify:
https://yourTenant.sharepoint.com/sites/GroupSiteUrl/_layouts/settings.aspx
You will have to be an owner of the group to be able to see the settings page.
And, I'm not sure what permissions are required to run that powershell - Tenant Admin or Sharepoint Admin I'd assume (I'm tenant admin)
So is what you're saying the solution for this is from Microsoft support, is that you have to run a powershell command to grant permission for a single Group Site to have that capability? If there were more than one you would have to run that site by site?
What if you wanted to turn it on for all Group Sites?
- You could manage to create a script that read all the SPO Sites and do this stuff...Get-SPOSite works also with modern team sites
- You should be able to execute PowerShell for SPO also with the SPO Admin role
- VesaJuvonen
We just updated the SPFx tutorials and here's announcement on them from last week.
- David Rosenthal
Your link has a space on the end of it VesaJuvonen :)
- VesaJuvonen
Fixed - thx
