Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
3.5.8, 3.5.11, 3.6.5, 3.6.9, 3.7.2, 3.7.5, 3.8.2, 3.9.2, 4.1, 4.2
-
None
-
MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
Description
To recreate
- Embed a youtube video on the course page
- Note that the video is showing
- Login as another user in the course with the "Login as" button
- Note that the video is not showing
Same thing occur in Book and other resources and activities.
Update by MH: We apply forceclean to 'login as' sessions to prevent JavaScript risks from untrusted content (such as students' dashboards), but there needs to be further investigation into whether it's: 1) possible and 2) safe, to apply this sanitizing only on the pages where it is required, so that teachers can still see "trusted" content (such as iframes and JavaScript included by teachers within a course) when logging in as their students.