Option to allow/disallow HTML/JavaScript in ILIAS LM

1 Requirements

As briefly discussed on the spring 2016 DevConf in Bremen JavaScripts can represent in security risk (ie. cross-site scripting vulnerability) in learning modules (especially in SCORM and HTML but also in ILIAS LM). Therefore we urgently propose a system-wide option to disallow HTML/JavaScript in ILIAS LM (similarly to the option already implemented for portfolios).

An option like this would enable universities with very security-conscious CERTs to continue offering the creation of ILIAS LM for their users.

Disallowing the embedding of 3rd-pary JS should not dimish the functionality of ILIAS LM.

2 Additional Information

• Idea / concept: Christian Bogen, Universität Stuttgart
• Interest in funding: Universität Stuttgart
• Maintainer: (will be set by Jour Fixe / maintainer)
• Implementation of the feature is done by (will be set by Jour Fixe / maintainer)
• Testcases by: (please add your name if you want to create the testcases for this feature)

3 Discussion

Zenzen, Enrico [ezenzen], 05 SEP 2022: This request no longer fulfills the requirements of the Feature Wiki. In consultation with the maintainer I change the status of the feature request to "Redundant / outdated". If the request is still relevant, please update template and mockups.

4 Implementation

{please give a description of the final implementation and add screenshots if possible}

Test Cases

Test cases completed at {date} by {user}

• {Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.