Full screen pop-up with some JavaScript security

Re: Full screen pop-up with some JavaScript security

by Dominique Bauer -
Number of replies: 0
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers

Hello Tim,

We can lighten the code as follows:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
  // Prevent F12, Crt-U, Ctrl-Shift-I and Ctrl-Shift-J
  $(document).keydown(function (event) {
    if (
      (event.keyCode == 123) ||
      (event.ctrlKey && event.keyCode == 85) ||
      (event.ctrlKey && event.shiftKey && event.keyCode == 73) ||
      (event.ctrlKey && event.shiftKey && event.keyCode == 74)) {       
      return false;
    }
  });
});
</script>

We could even lighten it a little more, but it would become a bit difficult for the teachers to understand:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
  // Prevent F12, Crt-U, Ctrl-Shift-I and Ctrl-Shift-J
  $(document).keydown(function (event) {
    if ((event.keyCode == 123) ||
       (event.ctrlKey &&
       (event.keyCode == 85 ||
       (event.shiftKey &&
       (event.keyCode == 73 ||
        event.keyCode == 74 ))))){       
      return false;
    }
  });
}); 
</script>

I agree with you that there is no information in the source code that can give the correct answer ... unless the teacher writes a script that includes it. For example, recently David Walters wanted to give as feedback by how many orders of magnitude a response is incorrect. I suggested doing the math in a small Java script, where you obviously have to know the correct and incorrect answers, which unfortunately appear in the script. There could be other situations where we would like to block access to the source code.

The blocking of the source code seems to be a controversial subject. See for example comments on Stack Overflow:

This is a pointless exercise. There is nothing you can do to prevent people from seeing your source code. You're welcome. Let me know if you find a way to disable my browser's View Source menu option and all of the developer tools (even with Javascript disabled). Then I'll give you half a dozen other ways of circumventing your efforts.

So I wanted to validate my little script with you, to find out what you thought. I'm glad you did not reject it outright by saying that it was useless. Although an experienced programmer might still have access to the source code, I believe that by blocking F12, Ctrl-U, Ctrl-Shift-I and Ctrl-Shit-J, the vast majority of my students will not be able to access to the source code.

By providing a Java script, I offer an immediate and readily available solution to teachers who may need it. One could also ask the following question: Are there situations when we would like students to have access to the source code? If the answer is clearly no, we could incorporate this blocking in the Moodle code.

I thank you all for your cordial and constructive comments. I will submit a proposal in the Tracker.

Average of ratings: Useful (2)