As a matter of security, iframes are hidden in the private area from SPIP 4.4.8 onwards, except for domains explicitly authorised via a constant _IFRAME_SAFE_DOMAINS.
This constant must contain an array of regular expressions describing all authorised domains, without protocol, without path and without “/” at the end.
Example :
define ('_IFRAME_SAFE_DOMAINS', [ 'en\.wikipedia.org', '.*\.spip\.net']);