Content can potentially contain malicious elements. It further needs to be protected from unauthorized access. In this section, we shall deal with the security of data and content.
Users are able to create content in Moodle by either using the resource editor or uploading files. A number of settings are available to partly prevent the misuse of these.
HTML allows the embedding of code that uses the explicit
<OBJECT> tags. This mechanism has recently gained popularity with sites, such as YouTube, Prezi, Voki, and Google Maps, providing code to be embedded for their users. Potentially, malicious code can be put in the embedded script, which is why its support is deactivated by default. ...