03 March 2025

Ontrack Hubs

BETA Only applicable to institutions using the BETA release. Note that BETA documentation may be incomplete or contain errors.

The new and updated features for the 4.47 release are as follows:

Concierge
Header Business Impact Affected Topics

Concierge - Applications

The Application Overview page now includes four additional tabs as follows:

Interview Details
Enables staff to view and update information related to a learner’s interview. Staff can monitor the interview status, make necessary changes, and record notes directly linked to the interview process.
Qualifications
Enables staff to review and manage the qualifications submitted by a learner. This includes adding new qualifications and confirming whether the learner meets the necessary requirements for the course.
Requirements
Enables staff to view the requirements set against the UIO and add additional criteria as needed. This functionality allows staff to assess whether the learner’s individual qualifications and needs align with the course requirements.
Offers

Enables staff to review any existing offers made to the learner. Staff can also issue new offers, helping determine whether the learner can proceed to enrolment following the interview process.

Additional roles are required for staff to access and manage data within these tabs as follows:

  • View or Edit Interview Details

  • View or Edit Qualifications

  • View or Edit Requirements

  • View or Edit Offers

Concierge

Concierge - Interviews

Staff can use the new Interviews feature to search for existing interviews using search criteria such as event name, number of allocated learners, and so on. On finding the interview of interest you can view the learners allocated to that interview.

Concierge

Find Interviews

Concierge - Enrolments

Staff can use the new Enrolments feature to search for existing enrolments and learners, create a new enrolment on behalf of a learner, invite applicants to create a learner account and then create enrolments for a learner.

Staff can enrol a learner on a course by completing an Enrolment Form.

Details required for each page of the enrolment form are summarised below:

Personal Details
Enables staff to enter the learner’s account information, contact details, and address.
Further Details
Enables staff to input information regarding the learner’s equal opportunities and support needs.
Statements
Enables staff to select statements that are applicable for the learner.
Evidence
Enables staff to upload any supporting documentation required for the enrolment.
Data Protection
Enables staff to record the learner’s consent for the use of their personal data.
Payments

Enables staff to view the total fee for the selected courses.

When you have completed the enrolment process the Confirmation page will display.

Concierge

Find Enrolments

Create Enrolments

Application search results grid columns

In Concierge > Application > Search Results the Person Code, Surname, and Forename columns are now pinned to the left of the grid.

Not applicable

Security
Header Business Impact Affected Topics

Ontrack Content Security (CSP) security improvements

Ontrack security has been significantly enhanced by modifying the CSP (Content Security Policy) to block the execution of inline scripts. This change stops malicious scripts being injected into ontrack pages, offering stronger protection against XSS (Cross-Site Scripting) attacks. Genuine ebs scripts are marked with a unique value to identify these as safe to run.

In order to facilitate the use of custom JavaScript by customers, scripts added in the following supported ways will also be considered authorised. It is therefore important to ensure that access to these locations is carefully controlled:

  • Scripts in custom html controls in Designer.

  • Scripts added to the translation and analytics folders.

Should this security change cause unforeseen issues, ontrack can be reverted to allow the use of inline scripts by adding the value unsafe-inline in the Content-Security-Policy > script-src directive institution setting.

Adding this attribute is not recommended and should only be considered as a short-term workaround.

CSP institution settings

Default directives such as those relating to the use of the Google translate widget, have been removed from the out-of-the-box CSP, following the security principle of least privilege. If these were in use, the functionality will be blocked on upgrade. If the functionality is still required, use the Dev Tools features found in Chrome and Edge to review any console errors relating to the CSP, and add any missing domains to the appropriate content security policy directive.

Two further new institution settings have been added to give greater control to institutions over the content and restrictions applied in the CSP:

  • Content-Security-Policy base-uri directive.

  • Content-Security-Policy worker-src directive.

Ontrack Institution Settings

Analytics snippet usage of head.cshtml to add in the <head> element

Google Tag Manager recommends that scripts are embedded in the <head> tag. To support this, the contents of a script named head.cshtml placed in the analytics folder will be included in the <head> tag of every page in Ontrack.

Files with any other name will continue to be included in the <body> tag of each page.