Full screen pop-up with some JavaScript security

Full screen pop-up with some JavaScript security

by Dominique Bauer -
Number of replies: 2
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

In the quiz settings, if you set the Browser security to ''Full screen pop-up with some JavaScript security": (from the tooltip)

  • The quiz will only start if the student has a JavaScript-enabled web-browser
  • The quiz appears in a full screen popup window that covers all the other windows and has no navigation controls
  • Students are prevented, as far as is possible, from using facilities like copy and paste

That is:

  • Students can not copy using the mouse, that is, they can not select any part of the text
  • Right mouse click is disabled
  • The browser menu is disabled
  • The Ctrl-X, Ctrl-C and Ctrl-V keystrokes are disabled

If you also want to discourage students from checking the source code of the quiz page, you can disable the F12 key and the Ctrl-U, Ctrl-Shift-I and Ctrl-Shift-J keystrokes by placing the following script in the HTML code of the question text:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
  $(document).keydown(function (event) {
    // Prevent F12
    if (event.keyCode == 123) {
        return false;
    // Prevent Ctrl+U
    } else if (event.ctrlKey && event.keyCode == 85) {       
      return false;
    // Prevent Ctrl+Shift+I
    } else if (event.ctrlKey && event.shiftKey && event.keyCode == 73) {
      return false;
    // Prevent Ctrl+Shift+J
    } else if (event.ctrlKey && event.shiftKey && event.keyCode == 74) {
      return false;
    }
  });
});  
</script>

The above script works in Chrome. I did not check with other browsers.

Average of ratings: Useful (1)
In reply to Dominique Bauer

Re: Full screen pop-up with some JavaScript security

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Just to note, there is no particular reason to prevent students from viewing the HTML source. Moodle questions types are designed so that there is not information hidden in the HTML that would give any hints as to what the right answer is.

On the other hand, the suggested code will work. (But, why not submit it as an improvement to the Moodle code, rather than hacking it in to the text of each question?

Average of ratings: Useful (1)
In reply to Tim Hunt

Re: Full screen pop-up with some JavaScript security

by Dominique Bauer -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Hello Tim,

We can lighten the code as follows:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
  // Prevent F12, Crt-U, Ctrl-Shift-I and Ctrl-Shift-J
  $(document).keydown(function (event) {
    if (
      (event.keyCode == 123) ||
      (event.ctrlKey && event.keyCode == 85) ||
      (event.ctrlKey && event.shiftKey && event.keyCode == 73) ||
      (event.ctrlKey && event.shiftKey && event.keyCode == 74)) {       
      return false;
    }
  });
});
</script>

We could even lighten it a little more, but it would become a bit difficult for the teachers to understand:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
  // Prevent F12, Crt-U, Ctrl-Shift-I and Ctrl-Shift-J
  $(document).keydown(function (event) {
    if ((event.keyCode == 123) ||
       (event.ctrlKey &&
       (event.keyCode == 85 ||
       (event.shiftKey &&
       (event.keyCode == 73 ||
        event.keyCode == 74 ))))){       
      return false;
    }
  });
}); 
</script>

I agree with you that there is no information in the source code that can give the correct answer ... unless the teacher writes a script that includes it. For example, recently David Walters wanted to give as feedback by how many orders of magnitude a response is incorrect. I suggested doing the math in a small Java script, where you obviously have to know the correct and incorrect answers, which unfortunately appear in the script. There could be other situations where we would like to block access to the source code.

The blocking of the source code seems to be a controversial subject. See for example comments on Stack Overflow:

This is a pointless exercise. There is nothing you can do to prevent people from seeing your source code. You're welcome. Let me know if you find a way to disable my browser's View Source menu option and all of the developer tools (even with Javascript disabled). Then I'll give you half a dozen other ways of circumventing your efforts.

So I wanted to validate my little script with you, to find out what you thought. I'm glad you did not reject it outright by saying that it was useless. Although an experienced programmer might still have access to the source code, I believe that by blocking F12, Ctrl-U, Ctrl-Shift-I and Ctrl-Shit-J, the vast majority of my students will not be able to access to the source code.

By providing a Java script, I offer an immediate and readily available solution to teachers who may need it. One could also ask the following question: Are there situations when we would like students to have access to the source code? If the answer is clearly no, we could incorporate this blocking in the Moodle code.

I thank you all for your cordial and constructive comments. I will submit a proposal in the Tracker.

Average of ratings: Useful (2)