Share via

Embedding Morse Code Translator Web App in Microsoft 365 (Office Add-in or SharePoint) Not Executing JavaScript

Emily Jack 40 Reputation points
2026-01-07T21:01:46.7133333+00:00

I have a web-based Morse code translator that works correctly in standard browsers, but I’m encountering issues when trying to embed or integrate it within Microsoft 365 environments such as SharePoint Online pages and Office (Word/Excel) web add-ins.

The application relies on JavaScript to convert text to Morse code and vice versa. When embedded using an iframe or added as part of an Office web add-in, the UI loads, but the conversion logic does not execute, and user input produces no output.

The same page functions correctly outside Microsoft 365, which suggests the issue may be related to sandboxing, Content Security Policy (CSP), or JavaScript execution restrictions within Microsoft 365 and Office web environments.

Environment Details:

  • Microsoft 365 (Business / Enterprise)

SharePoint Online modern pages

Office on the web (Word / Excel)

JavaScript-based Morse code translator hosted externally

What I’ve Tried So Far:

Embedding the site using iframe and Embed web part

Testing HTTPS-only hosting

Reviewing browser console logs for CSP or sandbox errors

Attempting to load the app as an Office web add-in

Questions:

Are there specific JavaScript or iframe restrictions in Microsoft 365 that could prevent execution?

What CSP or permissions are required for external interactive tools?

Is creating an Office Add-in the recommended approach for this type of functionality?

Any guidance on best practices for integrating custom web tools into Microsoft 365 or Office would be greatly appreciated. You can check here as well.

Microsoft 365 and Office | Development | Other
0 comments
Answer accepted by question author
  1. Q&A Assist
    2026-01-07T21:02:02.2766667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    When embedding a JavaScript-based application like your Morse code translator in Microsoft 365 environments, there are several factors to consider that could affect JavaScript execution:

    1. Sandboxing and Security Restrictions: Microsoft 365, particularly SharePoint Online and Office web apps, impose strict security measures, including sandboxing. This can prevent certain JavaScript functions from executing, especially if they attempt to access external resources or manipulate the DOM in ways that are not permitted.
    2. Content Security Policy (CSP): Microsoft 365 environments have CSPs that restrict the sources from which scripts can be loaded and executed. If your application is hosted externally, ensure that it complies with the CSP of the Microsoft 365 environment. You may need to check the browser console for any CSP-related errors that indicate blocked resources.
    3. Iframe Restrictions: When using iframes, ensure that the content you are embedding is served over HTTPS and that it does not violate any of the iframe restrictions set by Microsoft 365. Some features may not work correctly when embedded in an iframe due to these restrictions.
    4. Office Add-in Development: Creating an Office Add-in may be the recommended approach for integrating your Morse code translator into Microsoft 365. This method allows for better integration with the Office environment and can help manage permissions and execution contexts more effectively. Ensure that your add-in is properly configured to allow the necessary JavaScript execution.
    5. Testing and Debugging: Use the browser's developer tools to inspect console logs for any errors that might indicate what is going wrong when the JavaScript fails to execute. This can provide insights into whether the issues are related to CSP, sandboxing, or other factors.

    Best Practices for Integration:

    • Ensure all external scripts are compliant with the CSP of the host environment.
    • Consider using the Microsoft 365 JavaScript APIs for better integration.
    • Test your application thoroughly in the Microsoft 365 environment to identify specific issues related to execution.

    By addressing these areas, you should be able to troubleshoot and resolve the issues with your Morse code translator when embedding it in Microsoft 365 environments.

    References:

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kha-N 7,070 Reputation points Microsoft External Staff Moderator
    2026-01-08T03:34:24.37+00:00

    Hi @EmilyJack,

    Welcome to Microsoft Q&A, and thank you very much for reaching out to us.

    Please note that as a Microsoft Q&A moderator, I don’t have access to your app configuration or tenant environment, so I can only assist through available documentation and resources. That said, I’ll do my best to help.

    Based on your description, aside from Q&A assist suggestion, I’d like to share my insights:

    From my research, your assessment is on the right track regarding iframe sandboxing, Content Security Policy (CSP), and script-execution restrictions.

    For SharePoint Online: In SharePoint Online modern pages, content embedded via the Embed web part is treated as untrusted and is hosted in a restricted frame. SharePoint’s security model (including CSP) is designed to reduce risks like script injection and clickjacking, so JavaScript patterns that work in a normal browser tab can be blocked or limited when framed.

    SharePoint also has allow/deny controls (HTML Field Security) that determine whether an iframe from a given domain can be shown, however note that allowing the domain to render does not grant the embedded page full scripting freedom inside the SharePoint host.

    For more details about SharePoint Online CSP and embedding content on SharePoint pages, feel free to check these Microsoft resources:

    Support for Content Security Policy (CSP) in SharePoint Online | Microsoft Learn

    Allow or restrict the ability to embed content on SharePoint pages - Microsoft Support

    For SharePoint scenarios that require reliable interactive JavaScript behavior, Microsoft’s supported approach is to build the experience using SharePoint Framework (SPFx) rather than relying on an externally embedded iframe. SPFx runs within SharePoint’s supported customization model and is the recommended way to integrate existing JavaScript libraries and client-side logic.

    For reference, you can check these Microsoft documentations here:

    Add an external library to your SharePoint client-side web part | Microsoft Learn

    Use existing JavaScript libraries in SharePoint Framework client-side web parts | Microsoft Learn

    For Office: Office add-ins (Word/Excel on the web) similarly run in a sandboxed runtime with a controlled lifecycle and security/performance isolation according to Microsoft documentation.

    User's image

    If your goal is an interactive tool inside Word/Excel web, implementing it as an Office Add-in is the supported and most reliable approach. Note that Office Add-ins must initialize properly and shouldn’t call Office APIs until Office.js is ready, Microsoft recommends using Office.onReady() for reliable initialization.

    User's image

    Additionally, Office Add-ins require explicit trusted domains configuration (manifest AppDomains / valid domains rules). This affects whether content can load and whether nested iframe resources can call Office.js.

    For reference, you can check out these Microsoft documentations here:

    Privacy and security for Office Add-ins - Office Add-ins | Microsoft Learn

    Initialize your Office Add-in - Office Add-ins | Microsoft Learn

    Managing trust options for Office Add-ins - Office Add-ins | Microsoft Learn

    This summary is based on my findings from the community and several relevant threads. However, it may not accurately reflect the behavior in question. 

    To help you reach your goal more effectively, I recommend posting a thread on the Microsoft Tech Community forum. It’s a great platform for deeper technical discussions and connecting with individuals who have hands-on experience and expertise. They’re best positioned to provide guidance and valuable insights on this topic.

    I also recommend splitting the Office and SharePoint implementations into separate topics, since each requires a different approach to address your request.

    I hope this helps.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.