Blocked file extensions for Iframe Embedded content (on Moodle)

Hi,

I'm trying to package up HTML/JS content into H5P packages, using Iframe Embedder.

The ReadMe indicates that internal embedding is possible... I've correctly zipped the archive, but I'm getting multiple errors:

"File "xyz.html" not allowed. Only files with the following extensions are allowed: json png jpg jpeg gif bmp tif tiff svg eot ttf woff woff2 otf webm mp4 ogg mp3 m4a wav txt pdf rtf doc docx xls xlsx ppt pptx odt ods odp xml csv diff patch swf md textile vtt webvtt gltf glb."

It appears to be a whitelist - I'm assuming within the mod_hvp. Poking around GitHub, I can find a defaultWhitelist property with the default file extensions above, but can't find anywhere it's later set (i.e. admin interface). Comments in the code do state that it can be overridden, but no matter how hard I stare at the screen, I can't see any whitelisting options.

Again, I'm assuming this is enforced by mod_hvp and not by Moodle's own security (which I also can't find a whitelist for)?

Much of the content is produced in Hype, my plan is to write a new output script for it, that will correctly structure the files, stuff it into a directory with template Iframe Embedder and then zip it up, so it will be a very nice workflow, but I'm a bit stuck with not being able to upload them :(

Thanks

Jon

 

PS: I've just tried uploading the .h5p as a file rather than via the content bank, and then using that as an H5P module in Moodle... It still doesn't work, but does get as far as rendering the H5P container, which just repeats the same errors, but now includes a "not-in-whitelist : " prefix to the errors.

Annoyingly, it appears it's not just the "Add" code that is testing the file types, but it actively tests existing content on the server when executed, so I can't even bypass and upload via SFTP etc.

Jon

I've tried uploading the file as an attachment, and then using that as an H5P module in Moodle... It still doesn't work, but does include a "not-in-whitelist : " prefix to the error.

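An added example, not part of the original post and not mod_hvp's own code: a pre-upload check that lists which files in a .h5p archive fall outside the extension list quoted in the error message above. It assumes only files under `content/` are held to that list and that matching is case-insensitive; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension list copied from the error message quoted in the post.
ALLOWED = frozenset(
    "json png jpg jpeg gif bmp tif tiff svg eot ttf woff woff2 otf webm mp4 "
    "ogg mp3 m4a wav txt pdf rtf doc docx xls xlsx ppt pptx odt ods odp xml "
    "csv diff patch swf md textile vtt webvtt gltf glb".split()
)


def rejected_files(package, allowed=ALLOWED, prefix="content/"):
    """Return sorted archive members under `prefix` whose extension is not allowed.

    `package` is a path or a binary file object for the .h5p (zip) archive.
    Assumptions: only files under content/ are held to this list, and the
    comparison is case-insensitive on the final extension.
    """
    rejected = []
    with zipfile.ZipFile(package) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.startswith(prefix):
                continue
            ext = PurePosixPath(name).suffix.lstrip(".").lower()
            if ext not in allowed:  # also catches files with no extension
                rejected.append(name)
    return sorted(rejected)


def build_sample_package():
    """Constructed sample archive (not a real H5P package) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("h5p.json", "{}")
        zf.writestr("content/content.json", "{}")
        zf.writestr("content/xyz.html", "<html></html>")
        zf.writestr("content/images/logo.PNG", b"")
        zf.writestr("content/README", "notes")
        zf.writestr("H5P.Example-1.0/script.js", "")  # outside content/, skipped
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in rejected_files(build_sample_package()):
        print("would be rejected:", name)
```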