![Logo (Black Text)-1.svg]](https://support.haystackteam.com/hubfs/Logo%20(Black%20Text)-1.svg){kind=small}
Why Haystack Doesn't Support General iFrame Embeds 🚫
At Haystack, we strive to make your workspace as flexible and integrated as possible. While you may notice that many of our native integrations (like Figma, YouTube, or Google Drive) use iFrame technology under the hood, we do not currently offer a "General iFrame" block for custom code or arbitrary URLs.
Here's why:
Security First
The decision to restrict general iFrames is rooted in workspace security. Because iFrames load external websites directly within your Haystack environment, an unrestricted iFrame can be used maliciously to:
-
Execute "Clickjacking" attacks: Overlaying invisible layers to trick users into clicking links.
-
Phishing: Mimicking login screens to steal credentials.
-
Script Injection: Running unauthorized code within your browser session.
To keep your company data and your employees safe, we vet every integration to ensure it meets our rigorous security standards before making it available in the editor.
How to request a new integration
We are constantly expanding our list of supported embeds! If there is a specific tool you’d like to see—such as a specific Jira form, a specialized dashboard, or a project management tool—we want to hear about it.
To request a new integration:
-
Contact your CSM: Reach out to your Customer Success Manager with the name of the tool and a sample URL.
-
Submit a Request: Email our support team at support@haystackteam.com or fill out a ticket HERE.
Keywords: embed, iframe, integration, security, jira form, custom code, html block, third party tools, widget, plugin, clickjacking, scripting, safe embedding, feature request, csm, support