Totara Learn Open Discussions

Good Idea? Embed a PDF within a Page Activity

 
by Kevin Hayes - Tuesday, 23 March 2021, 3:08 AM
 

I thought I'd share a trick I've been using within our Totara 12 as I'm curious what others think - i.e. good idea or terrible idea?

Using the Page Activity it is very easy to create a page activity that includes text and to embed an image, a video or an audio file.  This can all be done using the html editor when editing the Page Activity.

What isn't possible from the menu is to embed a PDF.

You can of course embed a PDF using the File Activity but it is very limited and only works if the PDF is the single file you want on the page.

I wanted to create a course that included a page with a number of file types embedded within the page, images, videos and a PDF.

To achieve this I've used a two step approach.

Step one is to use the FILE Activity to upload the PDF.  I set the Display Setting to OPEN.


I then view the result.  This will show the PDF within the browser and critically enables me to copy the unique URL of the PDF file (i.e. its location within the LMS).


Step two is to create a PAGE Activity.  In the Page Activity I use the HTML editor to insert some DIV html code (see below) which includes the URL for the PDF I uploaded within the file activity.

You can tweak the various size settings (Width and Height) within the code as required but the end result is that the PDF file will now be embedded within the Page Activity.


As this is a Page Activity you can include other elements within this page - such as text, images, video and audio.  

I think this adds a really useful capability to the Page Activity - enabling you to embed PDF files in addition to images, video and audio files.

What do you think?  Terrible idea or actually useful?

Here is the HTML code (also attached a TXT file):


<!-- The HR command creates a line across your webpage -->
<hr>
<div class="resourcecontent resourcepdf" align="center">
  <object id="resourceobject" data="PUT_THE_UNIQUE_URL_FOR_THE_PDF_HERE" type="application/pdf" width="95%" height="600">
    <param name="src" value="PUT_THE_UNIQUE_URL_FOR_THE_PDF_HERE" type="application/pdf">
  </object>
</div>
<!-- The HR command creates a line across your webpage -->
<hr>



Craig Eves
Re: Good Idea? Embed a PDF within a Page Activity
by Craig Eves (Totara Support) - Sunday, 28 March 2021, 7:47 PM
Group Totara

Hi Kevin

The allow PDF embedding setting is not allowed by default as it is a security risk. This setting was added to Totara 13.1.

Some web browsers allow JavaScript and the PDF file could contain malicious JavaScript so this is probably not a good idea to try and allow this.

Regards



Kevin Hayes
Re: Good Idea? Embed a PDF within a Page Activity
by Kevin Hayes - Monday, 29 March 2021, 6:45 AM
 

Hi Craig,

Thanks for the feedback.  I might be missing something but I guess when embedding any file you need to ensure it's from a trusted source and does not include malicious code.  PDFs aren't unique in this respect - malicious code could be inserted in other file types as well.

ZIP, WinRAR are commonly used to contain malicious code.  Microsoft Office files, all Word documents (DOC, DOCX), Excel spreadsheets (XLS, XLSX, XLSM), presentations and templates are also very popular with cybercriminals. These files may contain integrated macros - small programs that run inside the file, which cybercriminals use as scripts to download malware.

Totara 12 (the platform we are on) already enables embedding of PDFs (and other file types) through standard functionality available within the FILE activity.  

If embedding a PDF is such an extreme security risk I can't see why it's provided in the FILE activity but not for embedding within a PAGE activity?

As I said very likely I'm missing something here but I can't see why embedding a PDF is available in one activity and not another if ever embedding a PDF is a bad idea?

Site Managers need to ensure that any file linked or embedded within their platform is free of malicious code and is from a highly trusted source regardless of file type - if this best practice is being followed (as obviously it should be) I don't see why embedding a PDF would present an unacceptable security risk?  Again I might be missing something significant?
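
A pre-upload check of the kind this post asks site managers to perform, shown as an added example that is not part of the original thread and is not Totara code. It scans raw PDF bytes for the dictionary names that attach JavaScript or automatic actions, decoding `#xx` name escapes first; the function names, verdict strings and sample bytes are constructed for illustration.

```python
import re

# PDF dictionary names that attach script or automatically triggered actions.
ACTIVE_KEYS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch")
# Object streams are compressed, so names inside them are invisible to this scan.
OPAQUE_KEYS = ("/ObjStm",)

# A name is "/" followed by anything except PDF whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content and object-stream names in raw PDF bytes."""
    counts = {key: 0 for key in ACTIVE_KEYS + OPAQUE_KEYS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    active = [k for k in ACTIVE_KEYS if counts[k]]
    opaque = [k for k in OPAQUE_KEYS if counts[k]]
    if active:
        verdict = "reject"         # script or auto-run action present
    elif opaque:
        verdict = "manual-review"  # names may be hidden in compressed objects
    else:
        verdict = "no-active-content-found"
    return {"verdict": verdict, "active": active, "opaque": opaque}


# Constructed sample fragments (not real documents).
SAMPLE_SCRIPTED = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                   b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\)) >>\nendobj\n")
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_OBJSTM = b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /N 3 /First 20 >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN),
                        ("objstm", SAMPLE_OBJSTM)):
        print(label, triage_pdf(blob))
```

A clean result only means none of these names appear in the uncompressed part of the file; it is a triage step, not proof that a PDF is safe to embed.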

Craig Eves
Re: Good Idea? Embed a PDF within a Page Activity
by Craig Eves (Totara Support) - Monday, 29 March 2021, 4:17 PM
Group Totara

Hi Kevin

Unfortunately I don't know the reason for not allowing PDF embedding over other file types as I am not a security expert.

I was reporting the feature in 13 to prevent this in and why this was added that was described in the feature ticket.

As far as I understand there are filters to ensure malicious code isn't able to be included in files - there may be something different about how this is stored in PDF files.

I will try and get someone with more security knowledge to provide details on the security risk. I don't think it is an extreme risk otherwise there probably wouldn't be an option to allow the embedding.

Regards