Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-35343

JavaScript code visible in multichoice question response feedback

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.5, 2.3.2, 2.4
    • Fix Version/s: 2.2.6, 2.3.3
    • Component/s: Questions
    • Labels:
    • Testing Instructions:
      Hide

      1. Create a multiple-choice question with some JavaScript code in the specific feedback for one of the choices.

      2. Preview the question in Firefox, ensuring that all feedback is set to be displayed.

      3. Select the choice with the JS in the feedback, and submit.

      4. Verify that you cannot see the JS code. (You might think 'of course I can't see the JS code, but previously, it was showing up!)

      Show
      1. Create a multiple-choice question with some JavaScript code in the specific feedback for one of the choices. 2. Preview the question in Firefox, ensuring that all feedback is set to be displayed. 3. Select the choice with the JS in the feedback, and submit. 4. Verify that you cannot see the JS code. (You might think 'of course I can't see the JS code, but previously, it was showing up!)
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:

      Description

      qtype_multichoice (and some others) contains the CSS

      .que.multichoice .answer .specificfeedback * {
          display: inline;
          background: #FFF3BF;
      }

      It seems that Firefox (at least) relies in a default rule

      script {
          display: none;
      }

      to hide the contents of the script tag, and we are overriding that.

      This also affects some other places in similar qtypes.

        Gliffy Diagrams

          Activity

          Hide
          timhunt Tim Hunt added a comment -

          This JS is getting worse and worse, but I think that, for now, this quick fix is the way to go.

          Show
          timhunt Tim Hunt added a comment - This JS is getting worse and worse, but I think that, for now, this quick fix is the way to go.
          Hide
          timhunt Tim Hunt added a comment -

          P.S. we found this at the OU, because we have a filter that outputs JS code as part of its output.

          Show
          timhunt Tim Hunt added a comment - P.S. we found this at the OU, because we have a filter that outputs JS code as part of its output.
          Hide
          stronk7 Eloy Lafuente (stronk7) added a comment -

          Unbelievable and integrated (22, 23 & master), thanks!

          Show
          stronk7 Eloy Lafuente (stronk7) added a comment - Unbelievable and integrated (22, 23 & master), thanks!
          Hide
          dmonllao David Monllaó added a comment -

          It passes, tested in 22 and master with a "<p>asdf</p><script type="text/javascript">alert('asd');</script>", the Javascript is executed but not displayed.

          Show
          dmonllao David Monllaó added a comment - It passes, tested in 22 and master with a "<p>asdf</p><script type="text/javascript">alert('asd');</script>", the Javascript is executed but not displayed.
          Hide
          stronk7 Eloy Lafuente (stronk7) added a comment -

          Gutta cavat lapidem, non vi sed saepe cadendo - Ovidio

          This issue has been integrated upstream and is now available both via git and cvs (and in some hours, via mirrors and downloads).

          Thanks!

          Show
          stronk7 Eloy Lafuente (stronk7) added a comment - Gutta cavat lapidem, non vi sed saepe cadendo - Ovidio This issue has been integrated upstream and is now available both via git and cvs (and in some hours, via mirrors and downloads). Thanks!

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                12/Nov/12