Moodle
  1. Moodle
  2. MDL-24393

Themes: Custom menu - escape custom menu item description

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Trivial Trivial
    • Resolution: Unresolved
    • Affects Version/s: 2.0
    • Fix Version/s: None
    • Component/s: Themes
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE
    • Rank:
      7124

      Description

      I created a a custom menu item called Modules & Plugins and when I ran the HTML validation it was complaining because the ampersand was not escaped. I've not looked at the code but we can split the string based on the | character and make sure to convert the ampersand and other possibly offending characters to & that way if we want to keep the & in the URL unescaped we can. In any case, as it is, the user can break HTML validity so we should probably clean that up. Peace - Anthony

        Activity

        Hide
        Petr Škoda added a comment -

        I am not sure about this, there are many other places where teachers/admins have to enter proper html entities. I guess we would need some general solution.

        Show
        Petr Škoda added a comment - I am not sure about this, there are many other places where teachers/admins have to enter proper html entities. I guess we would need some general solution.
        Hide
        Anthony Borrow added a comment -

        I suspect most teachers and perhaps even many admins may not know what an html entity is. For 2.0, I'm OK with just adding a comment in the code and explaining it in Docs. Since it does not break functionality (just HTML validity check), I'm going to lower priority on this to trivial. Peace - Anthony

        Show
        Anthony Borrow added a comment - I suspect most teachers and perhaps even many admins may not know what an html entity is. For 2.0, I'm OK with just adding a comment in the code and explaining it in Docs. Since it does not break functionality (just HTML validity check), I'm going to lower priority on this to trivial. Peace - Anthony
        Hide
        Petr Škoda added a comment -

        We have exactly the same problem in most places where you can enter text (except the editor) since Moodle 1.0

        Show
        Petr Škoda added a comment - We have exactly the same problem in most places where you can enter text (except the editor) since Moodle 1.0
        Hide
        Anthony Borrow added a comment -

        I had not considered the possibility that it was an issue in other places as well and thus a larger issue. Perhaps we should just tag it as fix for 3.0 Peace - Anthony

        Show
        Anthony Borrow added a comment - I had not considered the possibility that it was an issue in other places as well and thus a larger issue. Perhaps we should just tag it as fix for 3.0 Peace - Anthony
        Hide
        Sam Hemelryk added a comment -

        Hi guys,

        I've updated the docs http://docs.moodle.org/en/Theme_settings#New_settings_for_Moodle_2.0 to reflect this presently.

        Petr, do you think it is an idea to escape the custom menu items in this situation until either we come up with a general solution? which sounds like a hell of a task.

        Cheers
        Sam

        Show
        Sam Hemelryk added a comment - Hi guys, I've updated the docs http://docs.moodle.org/en/Theme_settings#New_settings_for_Moodle_2.0 to reflect this presently. Petr, do you think it is an idea to escape the custom menu items in this situation until either we come up with a general solution? which sounds like a hell of a task. Cheers Sam
        Hide
        Petr Škoda added a comment -

        We could use a general XHTML fixer script, it could fix this & and random < > too. I do not think it should be part of any cleaning parameter and would have to be called explicitly in places where we want to fix invalid user input...

        Show
        Petr Škoda added a comment - We could use a general XHTML fixer script, it could fix this & and random < > too. I do not think it should be part of any cleaning parameter and would have to be called explicitly in places where we want to fix invalid user input...

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: