Copy link to clipboard
Copied
I am having a problem with students hacking the captivate quiz questions by using browser developer tools to discover correct answers for quiz questions by inspecting javascript code. It turned out to be incredibly easy for the students to accomplish this and teach others to cheat as well. I wrote some javascript code with variables that held the correct answers. My javascript functions were stored in a file that was read in by the code that executes with the code in index_scorm.html. The students simply searched for "correct" and found variables using that partial name from which they could learn the run time values by displaying them in the console. OK, that vunerability was my fault for putting the code in a file because there, it can be inspected from a webpage displaying any page in the course. I have fixed this flaw in my code. But I don't have a good understanding of what other information can be discovered using developer tools. Does anyone know, when a quiz slide is entered, can a user discover javascript code executed in the "On enter" and "on exit" actions? What about javascript code that executes from a button or advanced action? Can this code be read and evaluated by the student using developer tools? I am publishing in HTML5 only.
Copy link to clipboard
Copied
So you are building custom questions, not using Captivates questions?
The only way to definitively hide anything from the user is to use server side scripts. Every thing is in the DOM if you know how to read it.
You could also try to obfuscate your JavaScript. There are plenty of free obfuscators.
Copy link to clipboard
Copied
If they do some reading about SCORM, and know their way around JS, it is pretty easy to find the code to send completion to the LMS. No need to even find the correct answers, open the course and paste in the code for completion.
Copy link to clipboard
Copied
Above you wrote the following questions:
"Does anyone know, when a quiz slide is entered, can a user discover javascript code executed in the "On enter" and "on exit" actions? What about javascript code that executes from a button or advanced action? Can this code be read and evaluated by the student using developer tools?"
The answers is Yes.