I have done this as part of a blog post I did last year: https://medium.com/@cloudymike/building-a-screenshot-api-service-for-google-secops-soar-39cd9ad5a0ff

-mike

Thanks Mike, I've been using this blog post to help guide some of the HTML parts - awesome work by the way.

Our setup is slightly different in that we're converting the UTF-8 of a CDN hosted PNG into a base64 string. The base64 is valid along with the HTML it's added into within our custom action. If I paste it statically into the HTML widget it all renders fine. However if I use any form of placeholder with these values it displays as attached.

Is the screenshot from the html editor or from an actual case? The editor does not render placeholders. The only way to test if it work is to create a new case and have the playbook run to create the view.

It's the actual alert after the PB has been executed to change the view.

So the only time I see the placeholder being used is when the action does not return anything. (meaning it the output field doesnt exist at all) That is when the platform shows this. I suggest if you havent done it yet, trouble shoot the action. Ensure that it is running and returning a value.

I've raised a support ticket. The value is absolutely being set from the action to the correct HTML that renders fine if I statically paste it into the widget.

Seems to be some issue with placeholders (at least in my environment).

 I would load the Alert where the problem occurs, use dev tools to inspect the body of the widget (note, you might have to dig through a few layers of iframes to find the body).  This will show you the raw HTML how your code parsed, copy paste this into a raw HTML file on your local computer to test.  If it works, the problem is SecOps.   I suspect you will see the problem when you inspect the raw HTML, and you will know how to adjust accordingly in the code