# Embedding A Video

There may be situations where you would like to embed external media such as videos or other web-based HTML into your forms. This type of embedding can expose your forms to XSS vulnerabilities within your application.

To safely embed HTML, apply the [**Form.io Sanitize Config**](https://github.com/formio/formio.js/wiki/Form-Sanitize-Config) within your application settings. This configuration is a security mechanism that removes unsafe and potentially malicious content from raw HTML strings before presenting them to the end user. Below is an example of applying the Sanitize Configuration to an embedded form within the application code. The video embed URL was applied to the [**Content**](/userguide/forms/form-building/form-components/layout-components.md#content) component on the form level.

```javascript
// Render the form once the page has loaded.
window.onload = function() {
  Formio.createForm(
    document.getElementById('formio'),
    'https://khvenypsypifjpi.form.io/embed2',
    {
      // Tags and attributes the sanitizer should let through for the video embed.
      sanitizeConfig: {
        allowedAttrs: ['ref', 'src', 'url', 'data-oembed-url'],
        allowedTags: ['iframe', 'oembed'],
        addTags: ['iframe', 'oembed'],
        addAttr: ['url', 'data-oembed-url']
      }
    }
  );
};
```

{% hint style="info" %}
Form.io uses the [**DOMPurify**](https://github.com/cure53/DOMPurify#can-i-configure-dompurify) library to apply the sanitize configuration. Please follow the link for more details.
{% endhint %}

Since the configuration is applied in the application code, the HTML will not render within the Form.io project, but it will display within the application for the end user.

{% embed url="<https://codepen.io/JeriahFormio/pen/KKrvRyo>" %}
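
Because this configuration lets `iframe` elements and their `src` attribute through the sanitizer, it is worth checking which hosts the embedded frames point at. The following is an added example, not Form.io's own code: it audits the Content components of a form definition against a host allowlist. `TRUSTED_EMBED_HOSTS`, `isTrustedEmbedSrc`, `findUntrustedEmbeds` and the sample form are assumptions made for illustration, and the walker only follows nested `components` arrays.

```javascript
// Added example: audit iframe sources in Content components against a host allowlist.
// TRUSTED_EMBED_HOSTS and the sample form below are constructed for illustration.
const TRUSTED_EMBED_HOSTS = ['www.youtube.com', 'player.vimeo.com'];

// True only for absolute https URLs whose hostname is exactly on the allowlist.
function isTrustedEmbedSrc(src, hosts = TRUSTED_EMBED_HOSTS) {
  let url;
  try {
    url = new URL(String(src).trim()); // relative or malformed values throw
  } catch (err) {
    return false;
  }
  if (url.protocol !== 'https:') return false;     // javascript:, data:, http:
  if (url.username || url.password) return false;  // userinfo placed before the real host
  return hosts.includes(url.hostname);             // exact match, no suffix matching
}

// Walk a form definition and list iframe src values that fail the check.
// The regex is a coarse audit aid, not a sanitizer; rendering still relies on sanitizeConfig.
function findUntrustedEmbeds(components, hosts = TRUSTED_EMBED_HOSTS, found = []) {
  for (const c of components || []) {
    if (c.type === 'content' && typeof c.html === 'string') {
      const re = /<iframe\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
      let m;
      while ((m = re.exec(c.html)) !== null) {
        const src = m[1] ?? m[2] ?? m[3];
        if (!isTrustedEmbedSrc(src, hosts)) found.push({ key: c.key, src });
      }
    }
    findUntrustedEmbeds(c.components, hosts, found); // nested panels, containers
  }
  return found;
}

// Constructed sample form definition: one trusted embed, two that should be flagged.
const sampleForm = { components: [
  { type: 'content', key: 'intro', html: '<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>' },
  { type: 'panel', key: 'panel', components: [
    { type: 'content', key: 'promo', html: "<iframe src='https://www.youtube.com.example.net/embed/x'></iframe>" },
    { type: 'content', key: 'legacy', html: '<iframe width="560" src=http://player.vimeo.com/video/1></iframe>' },
  ] },
] };

console.log(findUntrustedEmbeds(sampleForm.components));
```
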


