H5P Hub Queries (content review)

Hi everyone,

My team and I are looking to potentially implement the H5P Hub on Moodle, to replace our current way of working with the content bank.

Some questions have been raised which I'm having some difficulties finding the answers to, and I wondered if anyone might be able to help. Any assistance is gratefully received. 

The queries raised are:

1) On the H5P Hub, for 'Get Shared Content',  what is the 'Reviewed Content' / 'Show only reviewed content' tick box?  Who is doing the reviewing, and what conditions is it being reviewed against?  Also, is there any way centrally of stopping users looking at things that are not reviewed?

2) As we are downloading packages from other users, is there any risk of hidden malicious code in these packages?

3) Is it possible to block the 'upload' but not the 'Get Shared Content', or do both have to be either off or on?  (We are concerned about users unwittingly sharing content that has sensitive data.)

4) Off the back of question 3, is there any built-in method to push shared content to a queue to be reviewed by another team in our organisation, before it is uploaded for the wider H5P community to see?  I appreciate from what I've seen, this is unlikely - but I need to check this off as part of our review.

Thank you so much for your time,

Matt

BV52's picture

Hi Matt,

  1. Contents are reviewed to make sure that there are no errors or it is working properly (no obvious bugs). They are also checked for images, references or links to pornography, weapons, violence or anything inappropritate etc. The contents are reviewed by someone from the H5P core team. Currently there is no way to stop users from looking are the contents that have not been reviewed. However contents are reviewed on a regular basis and those found to be inappropriate to share are unpublished immediately. 
  2. There is always a risk to download something malicious, however H5Ps contents are designed to minimize this. Additionally, there is no guarantee that the links that were inserted in the contents are safe. I think general safety procedures should still be followed when using contents in general. 
  3. No, and I don't think there will ever be.
  4. No, but this seems to be a good idea and I will suggest this to the team that handles the Hub.

-BV

otacke's picture

#3 sounds like something that a good old-fashinoned CSS style override or a DOM node removal should be able to do. Not particularly beautiful, but could be a way out.

Hi otacke, thank you very much for your suggestion here. We will keep this in mind.

Hi BV52,

Thank you so much for your very detailed and thorough reply here.  It's really appreciated.

I wondered if I could please ask a couple of follow-up questions?

They are:

1)  When you say H5Ps are designed to minimize the potential to upload/download malicious code, please would you mind expanding on this a bit more, so I may feed this back to my team?

2) For the Moodle plugin, are you able to please confirm how we switch off overall interaction to the H5P community (so we still see the H5P hub, but the ability to 'get content' or upload H5Ps is turned off?).   It was turned off previously I think, but now seems to be on.

Thank you so much again.

Matt

 

BV52's picture

Hi Matt,

1. In general uploading files are limited to images, audio and video. HTML codes are not allowed inside text boxes. Additionally, changes to the code needs administrator access.

2. Disabling the OER Hub is not possible once enabled. However it does make sense that it should be possible so I'm sending a request to the Product team so that they may consider adding this option for future updates. 

-BV