[MDL-16291] KSES cleans HTML excessively - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 1.9
Fix Version/s: None
Component/s: Assignment (2.2)
Labels:
None

Database:

MySQL
Affected Branches:
MOODLE_19_STABLE

Description

Problem description:

Both student submission and teacher response are saved into the database correctly. So the HTML typed inside the html editor is stored straight into the database.
On the other hand, when this submission is shown it is printed by the text_format php function. The problem is that the HTML_FORMAT filter cleans the styles saved in the database(clean_text php function)

Possible Solution:

Teacher´s feedback
*
file=/lib/gradelib.php:450-452
*/

450 $options = new stdClass;
451 $options->noclean = true;
452 $grade->str_feedback = format_text($grade->feedback, $grade->feedbackformat,$options);

Student´s submission
*
file=/mod/assignment/type/online/assignment.class.php:104-106
*/

104 $options = new stdClass;
105 $options->noclean = true;
106 $grade->str_feedback = format_text($grade->feedback, $grade->feedbackformat,$options);

I´m not that sure how these modifications could affect to the moodle style page and if there is a posibility of malicious code injection through showing RAW html.

Attachments

Issue Links

has been marked as being related by

MDL-16293 Background color stripped when submitting after highlighting text in forums

Closed

will help resolve

MDL-14954 html WYSIWYG editor loses indent in forums and wiki on 1.9+

Closed

Activity

People

Assignee:: Dan Marsden

Reporter:: Federico Botti

Participants:: Dan Marsden, Federico Botti, Petr Skoda

Votes:: 4 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Sep/08 6:02 AM

Updated:: 18/Jan/19 6:41 AM

Resolved:: 10/Jun/13 6:17 AM