Hide correct answers from javascripts in the published course

We have an open online course made in Storyline 3 published with HTML5. We recently discovered that some students use the inspect code option of their browser to find out the correct/incorrect answer options in the javascript code. The code states clearly if the answer option is true or false, which makes it easy to identify which one is correct and which is not, see attached image.

Can you make it more difficult to figure out the right response by hiding the information better? Not mark answers as 'correct response' but instead M345 or whatever. 

7 Replies
Michael Anderson

I've been wondering how long it would take someone to figure that out. I always thought this was one reason that Articulate didn't want to expose too many internal variables used in the published output. Crystal, you really should escalate this to your engineers as this could become a major issue for companies relying on Storyline courses to certify their employees.

Ashley Terwilliger-Pollard

Hi Michael,

Although the answers aren't encoded, they're fairly difficult to find. I'd argue it's easier to learn the content of your assessment, than to learn how to decipher to contents of the .js files. Even looking at the example shared at the top of this thread, with the highlights I still wouldn't have known that the answer was false. 

I do know this is a common topic in the e-learning industry and the team at http://scorm.com wrote a great article about the security of online training that provides important context.

I hope that helps clarify our current set up, and if there is anything else I can do to help - let me know!

Anna Elvnejd

Thanks to everyone who has replied.

Ashley, in this case the students are 16 years old. So looking at code and understanding what it means is something that everyone will know in the very near future and something that you will have to address.

I know we can manipulate the .js files after publishing but that will give us a manual step that I want to avoid. What I would like is that Articulate anonymized the answers, for example by naming them something other than "true" or "false". By posting here, is this suggestion recorded in your list of future fixes or do I need to send it to a certain e-mail?

Ashley Terwilliger-Pollard

Hi Anna, 

I certainly agree that there is work to be done in the near term to help secure SCORM content as a whole. There will always be newer and ever trickier ways to "hack" into the code, answers, scoring, etc. The SCORM specifications and restrictions laid out in this article also back up that assertion. I wanted to highlight some quotes from that here that I found paramount to consider:

  • The utility of SCORM’s ease of use, interoperability and portability outweigh the possibility that some people will cheat the system. Adding any kind of real security to SCORM would negatively affect the ease of use (i.e. development) and portability of SCORM content. In light of the inherently insecure environment in which SCORM operates, this doesn’t seem like a bad design trade off.
  • How do we ensure that the learner has really “retained the knowledge” and isn’t just looking up the answers on Google or asking his buddy in the next cubicle what the test answers are? Online training is an open book test.
  • The question becomes “at what level of stakes is the risk of cheating (both technical and non-technical) tolerable?” Certainly we wouldn’t certify somebody to fly a 747 or perform brain surgery based on the result of an online exam.

The article may have started with a tone of "what are we to do" but luckily they did outline ways to look at changing the SCORM standard in the future, and some actions that may help today which are built into most LMSs:

  • Evaluate the time spent in the module per individual vs. the standard. A user who presumably took a lot less time in the course, likely didn't learn the content.
  • Comparing the actual time it took the learner to complete a quiz against both the typical learning time defined in the metadata (if present) and the average time it has taken other learners to complete the same quiz.

All of this is a great discussion to keep having here and with your LMS teams! It's only through open conversations this that we'll be able to continually make a better system and ensure that our learners are truly absorbing and retaining content.  Feedback shared here in E-Learning Heroes is always passed to our Product team, and you can send anything else directly with us right here

Now, if we could only find a way to stop 16 year olds from sneaking out at night...that'd be the real win. 😉