I am creating some custom content that effectively uses Captivate as a "Scorm wrapper".
I am looking at including a pop-up form in which the trainee can type in their own notes and then use the driver to send a message to Moodle to store.
So basically the trainee could type anything in.
My question is:
Does Moodle check SCORM messages (or Tincan messages etc) sent to it for SQL Injection?