Content control should have administrative configuration to restrict what domains are allowed to embed content from
Currently the SmartForms content control can embed content from any domain/site instead of allowing an administrator to restrict it to certain sites/domain that are known to be safe.
The idea is to allow an environment administrator to add restrictions for the content control similar to what SharePoint does:
https://support.office.com/en-ie/article/allow-or-restrict-the-ability-to-embed-content-on-sharepoint-pages-e7baf83f-09d0-4bd1-9058-4aa483ee137b
Options that should be available:
Allow Any Domain
Restrict to whitelist of domains
explicit: help.denallix.com
wildcard: *.denallix.com
Automatically includes all domains associated with smartForms
Do not allow content injection (Not essential)
Prevents the control from being used on new forms/views
Configuration must be available through management site so that platform admins can control these restrictions, and the settings.
At runtime, when a content control tries to load content from a site, it first checks if it adheres to the restrictions applied and throws an appropriate error if it does not.
