Quiz correct answers are shared in html page content

Submitted by Denis S. on Thu, 02/21/2019 - 12:13
Forums: 
General discussion

Hello,
I would like to share some experience using H5P "Fill in the Blanks" plugin.
It seems that there is a hack which allows quiz participants to get correct answers during passing a test. It could be even reproduced on demo site.

1) Step 1.

 

2) Click "Ctrl+U" to see page content. And look for the anchor text.

Is there any way to prevent this? 

Thank you.

Attachments: 
Image icon h5p_hack1.png
Image icon h5p_hack2.png
BV52's picture

BV52

Fri, 02/22/2019 - 05:45

Hi Denis,

H5Ps core team knows this and has plans in changing this. This is part of the Roadmap item number 4 "Backend evaluation of answers".

-BV52

 

ngibson

Tue, 05/14/2019 - 09:32

Hi,

Any updates on when Roadmap item number 4 is likely to be released?

BV52's picture

BV52

Wed, 05/15/2019 - 04:49

Hi ngibson,

I'm afraid I do not have a timeline for this yet.

-BV52 

Martin.Stolzlechner

Tue, 05/12/2020 - 11:28

Is there any update on this matter or any possibility to fix this "leak"? Unfortunately, a trick like that doesn't require students to be very tech-savvy and once word gets out, it makes H5P unusable without supervision.

 

otacke's picture

otacke

Tue, 05/12/2020 - 19:45

Hi Martin!

I don't think there's progress as the H5P core team is busy with the H5P OER Content Hub. H5P currently is not intended to be a tool for examinations - and there are probably better examination formats if they're based on obscurity of some solutions ;-)

Best,
Oliver

BV52's picture

BV52

Tue, 05/12/2020 - 19:47

Hi Martin,

The current plan is to release this change in H5P.com but no timelines yet. I'm not sure if the core team have plans to release the same for H5P.org and plugins.

-BV

peterbright's picture

peterbright

Fri, 10/09/2020 - 00:46

Q1: Could someone see the answer for a Hotspot using this method?

Q2: Is there a list of affected H5P types?

BV52's picture

BV52

Fri, 10/09/2020 - 02:24

Hi peterbright,

  1. Yes this is an issue as well with this content type
  2. Short answer all the content types that have a question and answer. THis is because all content types follows the same way/pattern of coding to make it easier for developers to make changes/updates to different content types.

This is outlined in H5P's security model: https://h5p.org/documentation/installation/security#guides-header-4

-BV

peterbright's picture

peterbright

Fri, 10/09/2020 - 02:53

Thanks BV,

Much appreciated.

Regards,
Peter