Moodle Bug: Unable to inject <script>javascript code</script> in blocks or course activities
-
wrote on Aug 21, 2024, 12:36 PM last edited byThis post is deleted!
-
wrote on Aug 21, 2024, 12:46 PM last edited by
But these errors are not related to the injection problem.
-
-
Those errors seem more like a moodle internal problem and possibly bugs worth reporting upstream unless those come from some of the custom code snippets.
-
wrote on Aug 22, 2024, 1:36 AM last edited by
I recorded a video to demonstrate the issue.
-
wrote on Aug 22, 2024, 3:56 AM last edited by
After deeper investigation, it is likely related to CSP.
But I don't know how the moodle demo site sets its CSP to allow script and css injection directly into course pages. -
wrote on Aug 22, 2024, 7:50 AM last edited by
@joseph
I just tested the following 4 csp blockers but did not work.
The chatbot is still not showing up.
I am not sure if these plugins are actually good quality.
Some comments say it works, while other say it doesn't work.https://chromewebstore.google.com/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden
https://chromewebstore.google.com/detail/anti-cors-anti-csp/fcbmpcbjjphnaohicmhefjihollidgkp
https://chromewebstore.google.com/detail/allow-csp-content-securit/hnojoemndpdjofcdaonbefcfecpjfflh
https://chromewebstore.google.com/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd -
@taowang I tested from your video. From the browser's source it seems that the links are convereted into a tags. In Page -> More -> Filter, if you set "Convert URLs into links and images" to Off, something loads. I can send Hi to chatbot and it returns something.
-
wrote on Aug 22, 2024, 9:30 AM last edited by taowang Oct 3, 2024, 1:54 AM
OMG it worked!!!! Thank you very much.
Here is a site-wide config for all course pages:
- go to site administration > plugins
- press command + 5 to search for "Convert URLs into links and images"
- click on settings and toggle off the HTML format
- use HTML format when injecting code with urls
-
wrote on Aug 22, 2024, 9:33 AM last edited by
-
-
-