Why Can’t Embedded SharePoint Videos Be Viewed in Full Screen

I’m using Microsoft Edge w/ Windows 10 and I’m embedding videos on SharePoint pages from the Office 365 Video Portal.

For some reason the allow full screen code is being stripped out after the code is saved to the page. Take a peek to see what happens graphically and the 2 different versions of code.

Is This a SharePoint Bug?

Any Embedded Bug Bounty?

Every bug bounty program or text piece about bug bounty methodologies I’ve encountered is for some type of web service. I’m mostly focused on low-level system and embedded software. Are there bug bounty programs for someone with my type of skill set?

Preventing Quota Theft of Embedded Service without API Key

The way the service works is that the user can embed content on their site, that is served from my servers. Usage is tracked in “views”, or how many times the src endpoint inside of the <iframe> has been called.

I am trying to find out a way to verify that the origin site of the request is indeed the customer’s, and not some other web server. Using an API key as a query parameter leaves the possibility to just copy the <iframe> element, and use the service for free, at the expense of the real customer.

Some methods that I have considered follow:

  • Using the origin/referrer header of the HTTP request
  • Using JavaScript to determine the origin site, then send for the data

The first of these methods can be defeated simply by sending a request to the endpoint from an AJAX request with the origin header set to a customer’s website.

The second may work provided the JavaScript method that requests the data is sufficiently obfuscated.

While I know that no solution is fool-proof, I am not quite satisfied with relying on the origin HTTP header to determine usage.

Are there any alternative methods that do not rely on the customer rotating code, API key or otherwise, to prevent quota theft? Thanks in advance.

Key management for builds for embedded systems

Our medical device has embedded processors and a USB port used for firmware updates and logfile transfers. The usual USB viruses are not a concern (no mechanism to load or execute them, wouldn’t run in our unique environment). However a secure upgrade method is required by a regulatory agency, in case of malicious attack by someone with a copy of the source code, build environment and schematics.

In learning about security, our current concept is to use signing and encryption for upgrades and to embed the public key. Then we have to keep the private key private for the product lifetime, hopefully on the order of twenty years.

Is there a standard way to do that? Keep it on a secure build server?

Embedded web parts in SharePoint

So I made a link to a document from one subsite to another subsite in SharePoint. I have used the embed web part and have inserted the link to the document instead of the iframe code. The document is an Excel file but only half of the document is shown and there are no side bars to scroll across. How do I adjust the size of the embedded web part or the Excel file? Any suggestions would be much appreciated.

Preemptive vs Run To Completion scheduling in Embedded Systems

Programming in embedded systems usually means working within tight memory, processing, timing and power constraints. (malloc()? Forget it…)

Schedulers for embedded systems

For all but the simplest applications, it’s often helpful to have a scheduler to handle timed events, and for the embedded systems programmer, FreeRTOS is a popular choice. It’s a preemptive scheduler that handles tasks with multiple priorities and periodically checks to see if there’s a task with a higher priority that’s available for running.

Another approach is a “run to completion” scheduler, in which the scheduler runs a task until it completes before running the next. For the embedded systems engineer it’s not particularly difficult to write non-blocking tasks, though it does take some extra thought.

Advantages of a preemptive scheduler

The primary advantages of a preemptive scheduler are that you don’t have to write non-blocking tasks, and higher-priority tasks will always get serviced soon (where “soon” is determined by the scheduler tick rate).

Advantages of a run-to-completion scheduler

Some advantages of a run-to-completion scheduler are that the implementation can be very compact and efficient and it’s easy to put the system to sleep when there are no tasks to run. And since you don’t have to save and restore each task’s stack state, switching tasks is fast, the code is more portable, and you don’t have to declare the size of each task’s stack a priori.

Which would you choose: why and when?

Given all the above, I’m leaning towards a run-to-completion architecture. But what’s your experience? When would you choose a preemptive scheduler over a run-to-completion scheduler?

Power Apps form embedded in Power BI to update SharePoint List

I created a SharePoint Online list that tracks cases. Users review and update cases through a Power Apps form on the site. I also have a Power BI visualization that is querying the SharePoint list to display graphs. Is there a way to put the existing Power Apps form into the Power BI so that users can update the cases from there? I want users to be able to update the Power Apps form in the Power BI and have those updates reflected in the SharePoint Online list.

How to secure embedded code containing REST API call

I am making a Google Analytics-like service where you embed generated code into your website and it tracks certain data. I have a backend REST API, but I am not sure how to securely implement a call to it in the frontend without all the authentication data being exposed. I am worried that if a user embeds this code into their website with authentication, such as a session ID or a user ID, anybody would be able to just take that data and make a call to the API before the session times out and mess with the user’s data. Is there any way to prevent this risk and safely design the backend API and the call so that it is much more difficult or impossible for people to make calls to a user’s private API?

States and behaviour for progress bars embedded in tables

These days it is not uncommon for data tables to contain more complex UI elements (i.e. not just data), with things like pills (or tags), call-to-action buttons, icons, and even graphs & charts (e.g. sparklines) to be embedded.

However, I haven’t actually seen the specific behaviour for these embedded UI elements specified in the context of a child element in a table cell.

So the question is, what happens to a progress bar (and other UI elements) when the table row cycles through different states (e.g. hover-over, active, selected, etc.) and how does the styling and behaviour change compared to when they are outside of a table?

A specific example of this is to consider what happens to a table cell containing a progress bar (which is actually not an uncommon thing to see) if it is selected. Should it be:

  1. Unchanged (even though there might be some contrast issues with the table cell’s selected state).
  2. Modified by making changes to the colour or styling
  3. A custom rule to the behaviour of the table to accommodate the interaction

If you can include any screenshots of actual examples of applications (rather than CodePen or design concepts) that would be very useful for illustrating the answer.