After an outage on September 1, the Instructure Community is now fully available, including guides, release notes, forums, and groups. If some styling still looks unusual, clear your cache and cookies.
Found this content helpful? Log in or sign up to leave a like!
Upload a blank html file, link to that file from a page.
In safari try to click the link, it will give you a content blocked message.
I believe this is either a bug in canvas, or there is some plugin within our environment that is causing the issue. This issue is now degrading our user and overall platform experience.
The issue seems to be connected to some XSS issue with heapanalytics.js.
How, who do I need to contact at Canvas to get this fixed?
Solved! Go to Solution.
I'm unable to replicate that problem, @MattBunch. Using Safari, I uploaded an html file to the /files area of my course and added a link to it within the Rich Content Editor using the Course Link option. Canvas treats it like a file and opens the file preview showing the content of the file.
You mention a .js file. Canvas does not allow any <script> elements to be added to the HTML view of the Rich Content Editor, and it's possible that would present the error you describe. Another option is to use an <iframe> to make the page content appear within the Rich Content Editor.
If you're not using <script>, check to confirm that the link begins with https:// instead of http://. Browsers do not like to display http:// webpages inside an https:// webpage because that's an easy way for security violations to spread.
I'm unable to replicate that problem, @MattBunch. Using Safari, I uploaded an html file to the /files area of my course and added a link to it within the Rich Content Editor using the Course Link option. Canvas treats it like a file and opens the file preview showing the content of the file.
You mention a .js file. Canvas does not allow any <script> elements to be added to the HTML view of the Rich Content Editor, and it's possible that would present the error you describe. Another option is to use an <iframe> to make the page content appear within the Rich Content Editor.
If you're not using <script>, check to confirm that the link begins with https:// instead of http://. Browsers do not like to display http:// webpages inside an https:// webpage because that's an easy way for security violations to spread.
I can replicate this using Safari Version 16.6 (18615.3.12.11.2) in MacOS Ventura. I have a series of html files in a zip file, upload the zip and have canvas expand the file. I get "access denied" from Safari, but not from Firefox.
The fix is to turn off "Prevent cross-site tracking" in settings under the privacy tab in Safari. I think this might be worth reporting as a bug or at least a Safari incompatibility.
Safari -> Settings -> Privacy (tab)
I have students reporting the same issue simply opening HTML files from the Modules section in Safari. It has nothing to do with the Rich Content Editor. These are simply files that I have added and linked using the Modules "Add file" function.
We also have users encounter the same issue with launching a simple html files from Files with Safari and it shows "Access Denied - Access to this page is limited to authorized users. You do not currently have permission to view this page".
The file has no problem launching with other web browsers like Firefox and Chrome, but just fail with Safari.
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign inTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in