[MDL-35343] JavaScript code visible in multichoice question response feedback - Moodle Tracker

XML

Word

Printable

Testing Instructions:

Hide

1. Create a multiple-choice question with some JavaScript code in the specific feedback for one of the choices.

2. Preview the question in Firefox, ensuring that all feedback is set to be displayed.

3. Select the choice with the JS in the feedback, and submit.

4. Verify that you cannot see the JS code. (You might think 'of course I can't see the JS code, but previously, it was showing up!)

Show
1. Create a multiple-choice question with some JavaScript code in the specific feedback for one of the choices. 2. Preview the question in Firefox, ensuring that all feedback is set to be displayed. 3. Select the choice with the JS in the feedback, and submit. 4. Verify that you cannot see the JS code. (You might think 'of course I can't see the JS code, but previously, it was showing up!)
Affected Branches:
MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
Fixed Branches:
MOODLE_22_STABLE, MOODLE_23_STABLE
Pull from Repository:
git://github.com/timhunt/moodle.git
Pull Master Branch:
~~MDL-35343~~
Pull Master Diff URL:
https://github.com/timhunt/moodle/compare/master...MDL-35343

qtype_multichoice (and some others) contains the CSS

.que.multichoice .answer .specificfeedback * {

    display: inline;

    background: #FFF3BF;

It seems that Firefox (at least) relies in a default rule

script {

    display: none;

to hide the contents of the script tag, and we are overriding that.

This also affects some other places in similar qtypes.