feat: allow forms.microsoft.com domain for embeddables (#9519)

* Update embeddable.ts * no need for same origin * The form does not load without allow same origin * automatically add embed=true to link if not present * fix link check
2025-05-13 19:48:26 +02:00 · 2025-05-13 19:48:26 +02:00 · 4dfb8a3f8e
commit 4dfb8a3f8e
parent 298812e1d0
1 changed files with 8 additions and 0 deletions
--- a/packages/element/src/embeddable.ts
+++ b/packages/element/src/embeddable.ts
@ -33,6 +33,8 @@ const RE_GH_GIST = /^https:\/\/gist\.github\.com\/([\w_-]+)\/([\w_-]+)/;
 const RE_GH_GIST_EMBED =
  /^<script[\s\S]*?\ssrc=["'](https:\/\/gist\.github\.com\/.*?)\.js["']/i;

+const RE_MSFORMS = /^(?:https?:\/\/)?forms\.microsoft\.com\//;
+
 // not anchored to start to allow <blockquote> twitter embeds
 const RE_TWITTER =
  /(?:https?:\/\/)?(?:(?:w){3}\.)?(?:twitter|x)\.com\/[^/]+\/status\/(\d+)/;
@ -69,6 +71,7 @@ const ALLOWED_DOMAINS = new Set([
  "val.town",
  "giphy.com",
  "reddit.com",
+  "forms.microsoft.com",
 ]);

 const ALLOW_SAME_ORIGIN = new Set([
@ -82,6 +85,7 @@ const ALLOW_SAME_ORIGIN = new Set([
  "*.simplepdf.eu",
  "stackblitz.com",
  "reddit.com",
+  "forms.microsoft.com",
 ]);

 export const createSrcDoc = (body: string) => {
@ -206,6 +210,10 @@ export const getEmbedLink = (
    };
  }

+  if (RE_MSFORMS.test(link) && !link.includes("embed=true")) {
+    link += link.includes("?") ? "&embed=true" : "?embed=true";
+  }
+
  if (RE_TWITTER.test(link)) {
    const postId = link.match(RE_TWITTER)![1];
    // the embed srcdoc still supports twitter.com domain only.