Omit scripts from HTML
Third-party rich media embed codes may include a
<script> tag. If your system adds HTML code via
innerHTML, script tags will be ignored per HTML5 specification to prevent cross-site scripting attacks.
It causes issues with any rich media with an otherwise legit script as part of its HTML. It will not render correctly or not at all.
Instead, Iframely suggests our hosted iFrames render scripted rich media.
Iframely’s embed.js script still needs to be excepted, but only this single script. Add it to your page yourself. To adjust the sizes of the iFrames and to handle other events.
Omit third-party scripts
There are two ways to use iFrame renders for all rich media with third-party scripts:
- Set this option in your API settings.
&omit_script=1query-string parameter with every API call or as needed.
It will only affect third-party rich media, whose HTML code includes a
<script> tag. You’ll get Iframely
<iframe>- based code instead.
Please load Iframely’s embed.js script to your page yourself as described below.
Iframely omits Embed.js itself
Embed.js is still required so your page can communicate with Iframely iFrames. You can load embed.js by adding it to the head of your page:
<script src="//cdn.iframe.ly/embed.js" async charset="utf-8"></script>
However, your page may or may not have our embeds on it. We suggest loading embed.js only when it is required:
See the embed.js document if you need events and controls that our Embed.js script provides.
If you use a custom CDN option, please, source the embed.js script from your distribution. You may also opt to self-host embed.js script file. It is available on GitHub and NPM.
Embed.js itself is also omitted
When you request
&omit_script=1, we don’t include our script with the HTML code at all. You’d need to add it to your site too. Please see above.
Multiple Iframely embed.js script tags on your page do not put a drag on user’s bandwidth or your site’s performance. Browsers will load it only once — no need to omit it for that single reason.