Malicious software on compromised staff computers has been inserting scripts into UQ course site content, displaying advertisements to students.

Proposal

ITS proposes implementing “SafeHTML” to protect UQ and students from the impacts of Cross-Site Scripting (XSS) attacks.

How

  • All currently used scripts would be added to a whitelist of safe scripts, and would continue to be enabled in course content.
  • New scripts are added to the whitelist by sending a message to help@elearning.uq.edu.au.
  • A limitation is that an error message is not shown to instructors when they attempt to add a non-whitelisted script. Building awareness will be important.