Embed advanced HTML
  • 28 Oct 2024
  • 1 minute to read

Embed advanced HTML


Article summary

For security reasons, the ability to embed advanced HTML in Totara has been removed by default. You can revert back to the previous functionality by following these steps:

  1. Go to Quick-access menu > Security > Security settings.
  2. Tick the Disable consistent cleaning setting. 
  3. Click Save changes

If this setting is not enabled then noclean options for showing advanced HTML will also be ignored.

We strongly recommend that you do not enable this setting, as doing so could expose your site to security risks.

For full details of these changes please see the developer documentation.

A security patch in version 14.41 changed the behaviour of HTML files in courses. Any embedded HTML you have added to a course using the file resource will now be downloaded instead of being viewed on the page. If you need to revert to the previous behaviour you will need to disable consistent cleaning (see above), then set the $CFG->disable_forced_html_download = 1; flag in config.php. We do not recommend using this flag unless it is critical to your site's operation. If enabled, a warning will appear in the site's security report.
Can't find what you're looking for? Contact us at documentation@totara.com. Alternatively, book a call to have a chat about your Totara platform with a dedicated Customer Success Manager.

© Copyright 2024 Totara Learning Solutions. All rights reserved. Some content originally obtained via GPLv3 license and continues to be available under GPLv3. All other content is the sole copyright of Totara Learning Solutions. 

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.