Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24393

Custom menu - escape custom menu item description

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.0
    • Fix Version/s: FRONTEND
    • Component/s: Libraries
    • Labels:
    • Affected Branches:
      MOODLE_20_STABLE

      Description

      I created a a custom menu item called Modules & Plugins and when I ran the HTML validation it was complaining because the ampersand was not escaped. I've not looked at the code but we can split the string based on the | character and make sure to convert the ampersand and other possibly offending characters to & that way if we want to keep the & in the URL unescaped we can. In any case, as it is, the user can break HTML validity so we should probably clean that up. Peace - Anthony

        Gliffy Diagrams

          Activity

          Hide
          skodak Petr Skoda added a comment -

          I am not sure about this, there are many other places where teachers/admins have to enter proper html entities. I guess we would need some general solution.

          Show
          skodak Petr Skoda added a comment - I am not sure about this, there are many other places where teachers/admins have to enter proper html entities. I guess we would need some general solution.
          Hide
          aborrow Anthony Borrow added a comment -

          I suspect most teachers and perhaps even many admins may not know what an html entity is. For 2.0, I'm OK with just adding a comment in the code and explaining it in Docs. Since it does not break functionality (just HTML validity check), I'm going to lower priority on this to trivial. Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - I suspect most teachers and perhaps even many admins may not know what an html entity is. For 2.0, I'm OK with just adding a comment in the code and explaining it in Docs. Since it does not break functionality (just HTML validity check), I'm going to lower priority on this to trivial. Peace - Anthony
          Hide
          skodak Petr Skoda added a comment -

          We have exactly the same problem in most places where you can enter text (except the editor) since Moodle 1.0

          Show
          skodak Petr Skoda added a comment - We have exactly the same problem in most places where you can enter text (except the editor) since Moodle 1.0
          Hide
          aborrow Anthony Borrow added a comment -

          I had not considered the possibility that it was an issue in other places as well and thus a larger issue. Perhaps we should just tag it as fix for 3.0 Peace - Anthony

          Show
          aborrow Anthony Borrow added a comment - I had not considered the possibility that it was an issue in other places as well and thus a larger issue. Perhaps we should just tag it as fix for 3.0 Peace - Anthony
          Hide
          samhemelryk Sam Hemelryk added a comment -

          Hi guys,

          I've updated the docs http://docs.moodle.org/en/Theme_settings#New_settings_for_Moodle_2.0 to reflect this presently.

          Petr, do you think it is an idea to escape the custom menu items in this situation until either we come up with a general solution? which sounds like a hell of a task.

          Cheers
          Sam

          Show
          samhemelryk Sam Hemelryk added a comment - Hi guys, I've updated the docs http://docs.moodle.org/en/Theme_settings#New_settings_for_Moodle_2.0 to reflect this presently. Petr, do you think it is an idea to escape the custom menu items in this situation until either we come up with a general solution? which sounds like a hell of a task. Cheers Sam
          Hide
          skodak Petr Skoda added a comment -

          We could use a general XHTML fixer script, it could fix this & and random < > too. I do not think it should be part of any cleaning parameter and would have to be called explicitly in places where we want to fix invalid user input...

          Show
          skodak Petr Skoda added a comment - We could use a general XHTML fixer script, it could fix this & and random < > too. I do not think it should be part of any cleaning parameter and would have to be called explicitly in places where we want to fix invalid user input...
          Hide
          samhemelryk Sam Hemelryk added a comment -

          I am un-assigning myself from this issue as I am not currently working on this and it will give the opportunity for someone else to work on it.

          Show
          samhemelryk Sam Hemelryk added a comment - I am un-assigning myself from this issue as I am not currently working on this and it will give the opportunity for someone else to work on it.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: