Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16291

KSES cleans HTML excessively

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 1.9
    • None
    • Assignment (2.2)
    • None
    • MySQL
    • MOODLE_19_STABLE

    Description

      Problem description:

      Both student submission and teacher response are saved into the database correctly. So the HTML typed inside the html editor is stored straight into the database.
      On the other hand, when this submission is shown it is printed by the text_format php function. The problem is that the HTML_FORMAT filter cleans the styles saved in the database(clean_text php function)

      Possible Solution:

      /*

      • Teacher´s feedback
        *
      • file=/lib/gradelib.php:450-452
        */

      450 $options = new stdClass;
      451 $options->noclean = true;
      452 $grade->str_feedback = format_text($grade->feedback, $grade->feedbackformat,$options);

      /*

      • Student´s submission
        *
      • file=/mod/assignment/type/online/assignment.class.php:104-106
        */

      104 $options = new stdClass;
      105 $options->noclean = true;
      106 $grade->str_feedback = format_text($grade->feedback, $grade->feedbackformat,$options);

      I´m not that sure how these modifications could affect to the moodle style page and if there is a posibility of malicious code injection through showing RAW html.

      Attachments

        Issue Links

          Activity

            People

              danmarsden Dan Marsden
              fbotti Federico Botti
              Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie
              Votes:
              4 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: