WiscWeb - WiscWeb embed code policy

The following document outlines WiscWeb's current protocol regarding embedded code use.

Important note about terminology

This document uses some terminology that is may not be understood by all. If there are any terms you do not recognize, please refer to our Terminology doc for more information.

    Background

    In WordPress multi-site networks, like the one we use for WiscWeb, only the SuperAdmin role is able to include unfiltered HTML. This was a change that WordPress rolled out in version 2.0 to prevent users from posting malicious or poorly formatted code.

    WiscWeb started aligning with WordPress's standard in 2019, to improve security of the multi-site network. WiscWeb sites will not inherit the ability to embed code or inline HTML for display on a page. This helps protect the entire multi-site network from XSS attacks that could break pages or sites.

    Current behavior

    If users try to include embed code in the Text Block of their WiscWeb site, it will be stripped upon Publish or Update. Users will not be able to use the following tags in the text area of their pages:

    • <iframe>
    • <embed>
    • <span> (span tags that use the style attribute will still work)
    • <input>
    • <script>
    • <form>
    • <style> (style attributes will still work – like with the <span> tag, but <style> tags will not work on their own)

    Options for embedding

    If WiscWeb users need to embed content, there are a couple options currently. These options are outlined in WiscWeb - Embed Options.

    Please note that our ability to add new technology to the Embed Options is limited by a couple factors:

    • We use a process called oEmbeds for accommodating embedded content safely in WiscWeb. It is not always possible to create an oEmbed from every tool. We will let you know if it is not possible. 
    • We aim to align any oEmbed options with our Software and Technology Integration Policy. This means we prefer to work with tools that are:
      • Campus supported
      • Easily supported within the WiscWeb environment
      • Meet broad needs for campus (i.e., Have high usage)
      • Have a low impact on WiscWeb infrastructure
      • Are accessible
    • If a tool you wish to use is not currently not listed in our Embed Options, please submit a feature request so that we can gauge appropriateness for the service. 

    Troubleshooting tips

    • If there isn't another option available for including your outside source content in your site, we recommend linking out to the content. The users will still be able to get to it and it's an easy workaround. 

    See Also


    Keywords:
    embed, iframe, script, style, embed, embedded, social media, HTML, unfiltered, input, policy 
    Doc ID:
    96764
    Owned by:
    Jenna K. in WiscWeb
    Created:
    2019-12-20
    Updated:
    2025-09-02
    Sites:
    DoITHelpDesk-external, DoITHelpDesk-internal, WiscWeb-external, WiscWeb-internal