Moodle Bug: Unable to inject <script>javascript code</script> in blocks or course activities
-
I guess we need someone here with basic moodle experience at least then. I am not really following the issue tbh. So you cannot submit a form to inject the code or is the code just not injected or is there any error anywhere? But also injecting the same code in the "Additional HTML" feature works as expected?
It could be that other places to inject code requires moodle to write to a read-only location on disk, but then some error should be shown to get more insight.
-
-
I recorded a video to demonstrate the issue.
-
@joseph
I just tested the following 4 csp blockers but did not work.
The chatbot is still not showing up.
I am not sure if these plugins are actually good quality.
Some comments say it works, while other say it doesn't work.https://chromewebstore.google.com/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden
https://chromewebstore.google.com/detail/anti-cors-anti-csp/fcbmpcbjjphnaohicmhefjihollidgkp
https://chromewebstore.google.com/detail/allow-csp-content-securit/hnojoemndpdjofcdaonbefcfecpjfflh
https://chromewebstore.google.com/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd -
@taowang I tested from your video. From the browser's source it seems that the links are convereted into a tags. In Page -> More -> Filter, if you set "Convert URLs into links and images" to Off, something loads. I can send Hi to chatbot and it returns something.
-
OMG it worked!!!! Thank you very much.
Here is a site-wide config for all course pages:
- go to site administration > plugins
- press command + 5 to search for "Convert URLs into links and images"
- click on settings and toggle off the HTML format
- use HTML format when injecting code with urls
-
-
-