Blocked file extensions for Iframe Embedded content (on Moodle)

Hi,

I'm trying to package up HTML/JS content into H5P packages, using Iframe Embedder.

The ReadMe indicates that internal embedding is possible... I've correctly zipped the archive, but getting multiple errors:

"File "xyz.html" not allowed. Only files with the following extensions are allowed: json png jpg jpeg gif bmp tif tiff svg eot ttf woff woff2 otf webm mp4 ogg mp3 m4a wav txt pdf rtf doc docx xls xlsx ppt pptx odt ods odp xml csv diff patch swf md textile vtt webvtt gltf glb."

It appears to be a whitelist - I'm assuming within the mod_hvp. Poking around github, I can find a defaultWhitelist property with the default file extensions above, but can't find anywhere it's later set (ie admin interface). Comments in the code do state that it can be overriden, but no matter how hard I stare at the screen, I can't seen any whitelisting options.

Again, I'm assuming this is enforced by mod_hvp and not by Moodle's own security (which I also can't find a whitelist for)?

Much of the content is produced in Hype, my plan is to write a new output script for it, that will correctly structure the files, stuff it into a directory with template Iframe Embedder and then zip it up, so it will be a very nice workflow, but I'm a bit stuck with not being able to upload them :(

Thanks

Jon