Javascript problem in block & forums

by Steve Bilton -
Number of replies: 7
Hello All,

I have been trying to get some javascript working in the main block.

I have a label with our contact tel and email address. I want to add this JavaScript so robots cannot recognise the email address:

<script language="JavaScript"><!--
var name = "emailname";
var domain = "domainname.org";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

This will appear as:

emailname@domainname.org

However, I cannot get this to appear correctly inside the block.

So I deleted the label and made an HTML block instead, and this does work and gets around my problem. However, I also want to edit the Site News Forum. I tried inputting the same code with the HTML editor in plain text mode. Yet the script does not make the email address appear.

I have tried a number of ways to edit the forum post but have not yet succeeded. I have globally turned off the editor, turned off the editor in my profile, edited the MySQL database manually with the code, and still the email will not appear! I have read a number of Moodle discussions that say turning off the editor will do the trick, but does this apply to the forums as well?!

Thanks for any help

Steve
In reply to Steve Bilton

Re: Javascript problem in block & forums

by Tony Hursh -
The forum code adds the X stuff because letting people enter arbitrary JavaScript in the forums is a security risk (it could do anything from crashing the user's browser to stealing their cookies). One could certainly make the argument that site administrators (or maybe even teachers) should be allowed to do it, but that's not how it works right now.



In reply to Tony Hursh

Re: Javascript problem in block & forums

by Steve Bilton -
Thanks for the info Tony, I did notice that the code seems to not be displayed at all. If X's were added to the scripting code then I would still be able to see the actual code itself; however, it simply does not display at all. So I think it must be able to run, however, like you say, Moodle is preventing it, but I think it must be using a different method to simply adding X's. Am I right, I wonder? It looks like I will have to add some PHP coding somewhere to allow admins and teachers to input JavaScript. Thanks again Tony! Steve
In reply to Steve Bilton

Re: Javascript problem in block & forums

by Matt Crosslin -
I've found that the forums will just strip out any JavaScript code in forum posts before they are displayed. The JavaScript can be in the database fine, but the PHP will strip it out. The same with stuff like iframes.

In the Admin->Security->Site Policy there is the "Enable Trusted Content" setting:

By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc. that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display.

I haven't fully tried it yet, but that is probably a place to start.
In reply to Matt Crosslin

Re: Javascript problem in block & forums

by Matt Crosslin -
I just went into the Define Roles for users, and changed Trust submitted content to allow for the Teacher level. After that, all forum posts had this added to the beginning of the post:



That seemed to allow <script> tags and the "javascript" function in things like link tags to stay in the forum. Hope that helps.
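The clean-by-default behaviour and the Trusted Content gate described in the two posts above, as an added sketch that is not part of the original thread and is not Moodle's code. All names (`cleanText`, `savePost`, `renderPost`, the `site` fields) are hypothetical, and the allowlist sanitizer is a simplified stand-in for a real HTML cleaner.

```javascript
// Added illustration with hypothetical names; not Moodle's implementation.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br", "ul", "ol", "li"]);
// Conservative: http(s) and mailto only, no quotes, spaces or entities.
const SAFE_HREF = /^(https?:\/\/|mailto:)[\w.@:\/?=%+~#-]*$/i;

function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Default path: escape everything, then re-enable only allowlisted markup.
// Unlike the stripping described in the thread, rejected markup stays
// visible as inert text, which makes the filtering easy to see.
function cleanText(html) {
  return escapeHtml(html)
    // attribute-free tags such as <p> or </li>
    .replace(/&lt;(\/?)([a-z]+)&gt;/gi, (m, slash, tag) =>
      ALLOWED_TAGS.has(tag.toLowerCase()) ? `<${slash}${tag.toLowerCase()}>` : m)
    // links with a single href attribute and a safe scheme
    .replace(/&lt;a href=&quot;(.*?)&quot;&gt;/gi, (m, href) =>
      SAFE_HREF.test(href) ? `<a href="${href}">` : m)
    .replace(/&lt;\/a&gt;/gi, "</a>");
}

// Save time: the server decides trust from the site setting and the
// author's role; the client never supplies the flag.
function savePost(site, author, body) {
  const trusted = site.enableTrustedContent && site.trustedRoles.has(author.role);
  return { author: author.name, body, trusted };
}

// Display time: only trusted posts bypass cleaning. Rechecking the site
// setting here is this sketch's assumption, so disabling it applies at once.
function renderPost(site, post) {
  const bypass = site.enableTrustedContent && post.trusted === true;
  return bypass ? post.body : cleanText(post.body);
}

// Constructed sample data.
const site = { enableTrustedContent: true, trustedRoles: new Set(["teacher"]) };
const body = '<p>Contact</p><script>document.write("x")</script>';
const studentPost = savePost(site, { name: "student1", role: "student" }, body);
const teacherPost = savePost(site, { name: "teacher1", role: "teacher" }, body);
console.log(renderPost(site, studentPost)); // script shown as escaped text
console.log(renderPost(site, teacherPost)); // body passed through unchanged
```

Every post that bypasses cleaning runs with the privileges of whoever views it, so the trusted role should stay as small as the site can manage.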
In reply to Matt Crosslin

Re: Javascript problem in block & forums

by Steve Bilton -
Re: Enable Java Script

Hello Matt,

Thanks for your help, that's exactly what I'm after!!!

Unfortunately I cannot find the option you're describing.
I have found the security section within the site variables in the admin section. However, I cannot find the 'Enable Trusted Content' option anywhere. I have checked from Moodle versions 1.5.4 to 1.6.4 and the option is simply not there, unless I'm totally overlooking it.

I wonder, is this a new addition to a later version of Moodle such as 1.7 or 1.8?
I can only run up to version 1.6.4 as I do not have the requirements on my server for higher versions. Although with the extra functionality provided with the latest Moodles I will be looking into upgrading the software on the dedicated server I use.

I'd greatly appreciate some clarity with the Moodle versions if you can help me out here.

Thanks so much, I'm sure this info will be very useful to others as well.

Steve
In reply to Steve Bilton

Re: Javascript problem in block & forums

by Tony Hursh -
The role system is new in 1.7, unfortunately.