Changed behavior for pasting JavaScript in Original Course View Content Editor - 3900.41
Blackboard Learn SaaS, Blackboard Learn 9.1
Original Experience
Original Course View
Impact: All users
The Original Course View Content Editor allows users to paste JavaScript into their HTML. JavaScript can add rich capability to web content but can be malicious. The Content Editor removes JavaScript automatically for most users when saved. This way, scripts cannot harm other users. Only authorized users can keep JavaScript when they save.
In the past, the Content Editor would temporarily render pasted scripts in the edit view. A user copying a script from a bad actor could inadvertently run a script against themselves.
A user could still run malicious JavaScript against their own device, but not by using the Content Editor. For users authorized to save scripts, JavaScript will still render after they save.
For administrators: This feature is available for all Original courses. There are no configurations needed. The existing permission for the ability to save scripts is called, “Add/Edit trusted content with scripts.”