Malicious software on compromised staff computers has been inserting scripts into UQ course site content - displaying advertisements to students.


ITS propose implemnting “SafeHTML” to protect UQ and students form the impacts of Cross Site Scripting (XSS) attacks.


  • All currently used scripts would be added to a whitelist of safe scripts, and would continue to be enabled in course content.
  • New scripts are added to the whitelist through a message to
  • A limitation is that an error message is not shown to instructors when they attempt to add a non-whitelisted script. Building awareness will be important.