Brightspace Test

This page illustrates the silent replacement of <script> elements when uploading an HTML file to brightspace. It contains a script section which displays an alert() when loaded into the browser.

• The <script> element is silently replaced. This silent deletion of user submitted content is totally unacceptable.
• A workaround is to upload using a .txt extension.
• The reason for this behavior is probably due to the security ramifications of allowing script injection. There are many better alternatives to the silent loss of user data:
  1. Not permitting the upload of such content by providing a suitable error message to the user.
  2. Commenting out <script> elements.
  3. Changing the extension of the upload as in the above workaround.