News just in;
“This has been fixed in our mainline code of Sp15 and has been back-ported to Sp12. This will now go into testing and scheduling for a cumulative patch.I do not yet know the CP this will be added into. I expect I will have this information very soon.”
So be careful with that workaround..
From: Blackboard/Courseinfo userslist [mailto:[log in to unmask]] On Behalf Of David Barrett
Sent: 25 June 2013 16:33
To: [log in to unmask]
Subject: Re: bb frameset fix?
Hi,
This post from Kevin Lowey (on the bbadmin list) may be of help here.
This is intentional. It was done as a security precaution to prevent possible cross-site scripting attacks. Although I think it is taking this a bit too far to block the ability for the instructor or the system administrator to do this.
One workaround is to create an HTML file on your own system (either in the course or in the "institution" area if you have community). Inside that file, use HTTP Meta Refresh to link to the external page. Then in your course, link to the local file instead of the external page.
That worked for our "help" tabs (which linked to help on a separate server). I suspect it will also work inside courses.
The following is example HTML code to do this redirect. You would replace " https://www.usask.ca/its/courses/coursetools/" with the web site you want to redirect to. The "noscript" is there just in case javascript is turned off and the redirect doesn't work, although if you have javascript turned off then probably most of Blackboard wouldn't work.
The "meta" line in the header basically says "After 0 seconds redirect the web browser to the url specified". So the users are sent to a local file inside Blackboard (avoiding their nasty warning), and THEN that page redirects them to a site located outside blackboard, which displays in the same window.
Of course, now that I've published it here, there will probably be people in Blackboard working on a way to block this workaround for security reasons :(
<html>
<head>
<meta http-equiv="refresh" content="0; url=https://www.usask.ca/its/courses/coursetools/">
</head>
<body>
<noscript>
<p>If the page does not appear then click <a href="https://www.usask.ca/its/courses/coursetools/" target="_blank">this link</a></p>
</noscript>
</body>
</html>
On 25 June 2013 12:24, Jill Cantrell <[log in to unmask]<mailto:[log in to unmask]>> wrote:
Hi Martin,
yes, this has caused us a problem too.
Best wishes,
Jill
Jill Cantrell
Team Manager, Delivery Team
The College of Law
15-17 Ridgmount Street
Bloomsbury
London
WC1E 7AH
Direct line: +44 (0)1483 216895<tel:%2B44%20%280%291483%20216895>
Fax: +44 (0)207 436 7134<tel:%2B44%20%280%29207%20436%207134>
On 25/06/2013 at 11:57, Martin Lynch <[log in to unmask]<mailto:[log in to unmask]>> wrote:
Is anyone else concerned about the fact that the recent security fix had the unexpected impact on preventing windows opening in the frameset? We have faculties who load learning material from their own servers into the frameset and we’ll have to de-develop in short order if this isn’t addressed – I’ve been told they hope it will be looked at pre-August but no promises.
Martin Lynch FHEA
Learning Systems Manager │Rheolwr Systemau Ddysgu
[log in to unmask]<mailto:[log in to unmask]>
University of South Wales │Prifysgol De Cymru
Pontypridd
CF37 1DL
Tel │Ffôn: 01443 483764<tel:01443%20483764>
Fax │Ffacs: 01443 483764<tel:01443%20483764>
http://www.southwales.ac.uk
[eMailSignature]
law.ac.uk<http://www.law.ac.uk>
Find us on:
facebook.com/universityoflaw<http://www.facebook.com/universityoflaw>
twitter.com/universityoflaw<http://www.twitter.com/universityoflaw>
youtube.com/universityoflawuk<http://www.youtube.com/universityoflawuk>
This email and any attachment(s) is intended for and confidential to the addressee. If you are neither the addressee nor an authorised recipient for the addressee please notify us of receipt, delete this message from your system and do not use, copy or disseminate the information in, or attached to it, in any way. Our messages are checked for viruses but please note that we do not accept liability for any viruses which may be transmitted in or with this message.
________________________________
'The University of Law' is the trading and brand name of The University of Law Limited and College of Law Services Limited
'College of Law Media' is the trading and brand name of Legal Network Television Limited
The University of Law Limited. Company Number: 07933838
College of Law Services Limited. Company Number: 07933854
Legal Network Television Limited. Company Number: 07933849
Registered Office: Braboeuf Manor, St. Catherines, Guildford, Surrey, GU3 1HA, United Kingdom. Registered in England and Wales
________________________________
--
David Barrett
VLE Application Manager
E-Learning Development Team
Room LFA/132 (Harry Fairhurst)
JB Morrell Library
University of York
York YO10 5DD
Email: [log in to unmask]<mailto:[log in to unmask]>
Tel: +44 (0)1904 32 1140
http://vlesupport.york.ac.uk<http://vlesupport.york.ac.uk/>
Stay up to date - subscribe to our blog: http://elearningyork.wordpress.com/
EMAIL DISCLAIMER<http://www.york.ac.uk/docs/disclaimer/email.htm>
