Requirements
We have built an online portal which is embedded in Moodle using iframe functionality. This portal is a catalogue of HTML pages, linked in the format of a mini website.
The iframe is online at:
https://training.rics.org/course/view.php?id=257
Unfortunately, we have been unable to implement a URL change control for the embedded iframe. We want the ability to change the web page that sits within the iframe while maintaining its embedded state in Moodle (Image 3).
I believe that with the correct PHP development, we could control the URL of the web page within the iframe using a hashtag e.g. https://training.rics.org/course/view.php?id=257#index.html
We need this facility in order for us to market a particular product and link directly to it.
Solution
This is a solution that has been proposed to us and we are looking to implement:
1. The client is requesting for a method to load a specific URL within an iframe using a parameter passed in the querystring.
2. The querystring will come with a parameter called 'page' (or any other name agreed with the client beforehand), which will be used to be loaded in the iframe e.g. https://training.rics.org/course/view.php?id=257&page=www.website.com/page_to_load.html
3. A config setting will be implemented that will allow the site admin to specify the id attribute of the iframe that will be used.
4. The developer of this solution needs to be aware, when implementing the solution, of coding it in a secure way. In particular, ensuring that the following code vulnerabilities are addressed: Injection and Unvalidated Redirects and Forwards. The second one can be addressed by implementing a config setting to allow the site admin to specify a white list of URLs that are allowed to be loaded into the iframe, the exact way for this to be implemented is to be defined. If this is not implemented then any arbitrary page can potentially be loaded into the iframe which will compromise the site's security.
5. A function will be created that will be included into the required course format(s) (it needs to be defined which formats require it) and will check if the agreed parameter is found in the querystring. If so, it will be checked against the whitelist of allowed URLs and if it is, it will insert some JavaScript code that will update the 'src' attribute of the iframe with the provided parameter.
6. When that src replacement is done, the URL of the parent Moodle page will not change. i.e. as the user moves through the iframe, the different pages are not bookmarkable, but users can be directed to specific pages within the iframe by including the appropriate parameter in the querystring of the parent moodle page.
7. If not parameter if found in the querystring, the iframe by default will load the page specified in its src attribute.
Personal requirements:
- That you are comfortable with this development
- Need to provide timescales and quote a price
- How do you want to arrange access to the relevant code?
We will want to perform this development on our test site and ensure that all coding changes are properly documented and disclosed to us at the end of the project or whenever requested.
I look forward to hearing from potential php developers with their price quote and time scales for doing the above task.