CUNY Academic Commons

Thanks for this info Boone.

Just to clarify, would installing the h5p plugin allow this professor to embed h5p content from another source rather than rebuilding it all herself? If so, installing the plugin might be worthwhile, even if it was only available on her site and not on the Commons for wider use until there is a more extended conversation about making it available on the Commons.

I am not sure how many items she is attempting to embed but I can ask if that is the easier route to take now rather than installing the plugin.

I wouldn't say there is a big push or wide interest in H5P right now; I have not had anyone ask about it in a while. That said, I do think its worthwhile to return to the possibility in the future since it would likely be a huge plus for many instructors to be able to offer low stakes quizzing.

Just to clarify, would installing the h5p plugin allow this professor to embed h5p content from another source rather than rebuilding it all herself?

By default, the plugin allows you to upload your own H5P content, or to load it from the official H5P library. To my knowledge, neither of these would include embedding of arbitrary H5P content from the owl.excelsior.edu page - the Commons site would either have to load the content from the same library where that H5P content is distributed (if it exists), or the H5P files would have to be sent by the author to the Commons admin and then uploaded to the Commons site. As noted in #9947, I strongly recommend against the functionality that would allow Commons users to upload H5P libraries (the latter situation described here), as there's no way to verify or even assume the security of those files. Generally speaking, I don't see a future where we'd ever allow users to arbitrarily embed content from a third-party site - third-party content can change, can disappear, can be throttled (http://altlab.com/hotlinking.html), etc.

If embedding is impossible in this case, there's always the option of linking out.

Okay, so just to recap: the plugin would allow users to upload content or build content from the h5p library offered through the plugin. The Commons will not allow users to upload H5P content due to security concerns.There is a way to download an .h5p file by clicking "reuse" on the owl page but I assume this is what you mean by allowing commons users to upload? So the plugin only really facilitates building h5p content directly on the Commons.

Follow up question: if the h5p content can be embedded with an iframe, we also do not allow that on the Commons because the content within the iframe could change. How does this differ from other embeds we have allow on the Commons from things like Google Doc, Padlet, Voicethread, etc?

From my understanding, there are three ways to get H5P content in the plugin:
1. Create it. See "simple editor" screenshot at https://wordpress.org/plugins/h5p/
2. Get it from the H5P Library, which is a curated library of content from https://h5p.org/content-types-and-applications. This corresponds to the "browse content types" screenshot at https://h5p.org/documentation/setup/wordpress
3. Upload .h5p files created by yourself or others. This corresponds to the screenshot just before the "Add H5P content..." header at https://h5p.org/documentation/setup/wordpress This also corresponds to clicking "reuse" on the owl page.

I think 1 is harmless (this needs verification) and should be no problem to allow. 3 is potentially very problematic and should not be allowed. I leave the wisdom of 2 to the judgment of the group. See https://redmine.gc.cuny.edu/issues/9947#note-1

Follow up question: if the h5p content can be embedded with an iframe, we also do not allow that on the Commons because the content within the iframe could change. How does this differ from other embeds we have allow on the Commons from things like Google Doc, Padlet, Voicethread, etc?

The primary reason for not allowing arbitrary iframes is related to security. We've made the decision that Google, Voicethread, etc are trustworthy enough that the risk of malware injection is low. We can continue to add site-specific embeds on a case-by-case basis. The argument that "the content within the iframe could change" is secondary, but is related to the security issue: content embedded from OWL may be safe today, but if the site is hacked tomorrow, it suddenly becomes malware.

I circled back to this professor to get more info on how many quizzes she was hoping to embed and she reported she would look into other options for now. She is going to try out a quiz survey plugin that is already available on the Commons and I will plan to follow up with her to see how that goes.

We may want revisit option 2 and the possibilities for h5p libraries outlined by Boone at some point, as it seems like there is continued interest in quizzing functionalities.

We have another request for this:

"Vivian Chan

Hi. Is it possible to embed H5P content in my Wordpress site? I believe we need to install a plugin to make this work https://h5p.org/wordpress."

I replied asking her to tell us more.

Thanks for the update!

From what I have learned from Boone, the H5P plugin presents security issues depending on how professors want to add the quiz to the Commons. Since Vivian asked about embedding or uploading quizzes, I don't think we can facilitate this due to the security risks.

If she is willing to build the quizzes directly within the Commons she could try out an alternative quizzing plugin - Quiz and Survey Master. But there are still some kinks to work our with this plugin and it does not work as well as h5p.

Boone - is there a way we can give users access to the h5p plugin but restrict access to the H5P libraries and embedding? Or does plugin activation automatically make libraries available?

All - here's the link to Scott's attempt to get updated documentation for Quiz and Survey Master:
https://wordpress.org/support/topic/documentation-link-broken-5/

(Boone, this came up on the call just now. The person who opened the Zendesk ticket hasn't been in touch since Monday's original query, so there appears to be no urgency.)

Boone - is there a way we can give users access to the h5p plugin but restrict access to the H5P libraries and embedding? Or does plugin activation automatically make libraries available?

This might be possible with some custom development, but it's not possible out of the box.

Here's another request for the plugin:

- What's the name of the plugin/theme?
Interactive Content - H5P

- In a few words, what does it do?
Description
One of the great benefits with using H5P is that it gives you access to lots of different interactive content types, such as presentation, interactive video, memory game, quiz, multiple choice, timeline, collage, hotspots, drag and drop, cloze test (fill in the blanks), personality quiz, accordion, flash cards, audio recorder.

- How is the plugin/theme different from what's already provided on the Commons?
Another great benefit with H5P is that it allows you to easily share and reuse content. To use content created with H5P, you simply insert a shortcode [h5p Id="1"] where you wish for the content to appear. To reuse content, you just download the H5P you would like to edit and make your changes - e.g. translate to a new language or adjust it to a new situation.
H5P is:

• Open Source
• Free to Use
• HTML5
• Responsive

- What's the potential impact?
Who will use it? Instructors /Students

- Who is the plugin author?
Contributors & Developers
"Interactive Content - H5P" is open source software. The following people have contributed to this plugin.
Contributors

Contributors

• [https://secure.gravatar.com/avatar/7067780e4575b0e65b09dc6f647e886a?s=32&d=mm&r=g] icc0rz<https://profiles.wordpress.org/icc0rz/>
• [https://secure.gravatar.com/avatar/6b42ff8841f00a2f5481cedea8da4319?s=32&d=mm&r=g] fnoks<https://profiles.wordpress.org/fnoks/>
• [https://secure.gravatar.com/avatar/442a8397123602775eb43e0055d24079?s=32&d=mm&r=g] falcon28<https://profiles.wordpress.org/falcon28/>

- Say a little bit about the release history and popularity of the plugin. How many times has it been downloaded? When was it last updated?

https://wordpress.org/plugins/h5p/advanced

This is from
Sharon Jorrín
Media Accessibility and Technology Assistant
CUNY School of Professional Studies

I replied:
"Looks like you copied and pasted many of your answers there. I see that there are security concerns with this plugin, so please give us a better idea of who is requesting it, if they have tried other plugins, and what it is need for. Thank you! "