Beginning with version 16.5, Issuetrak provides the ability for you to add embed codes to your site. When we talk about embed codes, we're referring to little snippets of JavaScript or HTML that you can leverage to improve your site experience or add functionality.
What can you do with embed codes?
You can do a bunch of stuff!
- Track users' navigation behavior
- Change styling of certain elements in your site. For example, maybe you want the page title to be larger!
- Add syntax highlighting functionality, so that programming languages can be rendered in a more friendly way than plaintext.
- Chat tools
- Marketing automation platforms, like HubSpot
- Presentations, such as Canva
- Forms
Security Concerns
Adding code from third-party sources can be a potential source of security problems.
- Malicious code can compromise your site's user and data security
- Code can add useful features, while it may also contain vulnerabilities that make it possible to compromise data security
- If you forget to periodically check for updated code, you may similarly place your site and/or data at risk
Site Security
Your site security settings will need to be adjusted in IIS to allow the use of HTML code and scripts that are hosted by a third-party. That's because we've implemented new Content Security Policy settings in the product to ensure that the additions and changes made to the site via the embedded code were, in fact, deliberately made.
But what needs to change? The best implementation is a content security policy that is based on the code you decide to add to Issuetrak. Issuetrak has provided a preset content security policy that you can use, but it may require some customization for best effect on your site.
The content security policy in IIS will need to be changed by updating the URL Rewrite rules (both HTTP and HTTPS) so that they are disabled instead of enabled.
Steps:
- On your web server, navigate to the IIS console.
- Find and click on the site along the lefthand side that you want to enable the content security policy for embedded code.
- Click on the URL Rewrite module.
- Look at the Outbound Rules (the bottom half of the window) and expand the first column so that the entire name for every rule is visible.
- Find the two rules that have names ending in With Embedded HTML FOR HTTP and With Embedded HTML FOR HTTP.
- Click on each of the above rules and then choose Enable Rule along the righthand side.
- Restart your site in IIS.
- Verify you are able to add code to the Embed Html field (see below), and that it behaves appropriately.
How to Add an Embed Code
If you've made up your mind that you want to add embedded code to your site, then follow these instructions:
Steps:
- Click on the settings gear icon in the top right to open the Settings lightbox. Find and click on Features beneath System.
- Scroll down to the "Embedded HTML" section.
- Paste the code you want your site to use.
- Click on update.
Now test out the functionality of the code you just added!