Integration, Extension, and Management:
Global HTML Filter Requirement Change – 3900.50
Blackboard Learn SaaS, Learn 9.1
Original Course View
Impact: All users
We conduct continuous reviews of Blackboard Learn to improve our security. Learn has an HTML filter in the Original Experience and Original Course View. This filter removes scripts that users add in the content editor. This helps prevent cross-site scripting (XSS) vulnerabilities.
In the past it was possible for an administrator to turn off this filter. Starting with this release, the filter will always be on. Administrators can still allow certain users to bypass the filter. They can grant users the privilege Add/Edit trusted content with scripts. As before, we recommend administrators restrict the number of users with this privilege.
The Ultra Experience and Ultra Course View do not use this filter. In the Ultra Course View, HTML blocks render in an iframe from a separate domain. This prevents XSS risk to the Learn application.
For administrators: There are no configurations needed. This change will happen automatically. It will not be possible to turn off the global HTML filter.