[MDL-48467] Atto: Clean the html even if submitting the form when atto is in html view mode - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.1, 2.8.6, 2.9, 3.0
Fix Version/s: 2.8.7, 2.9.1
Component/s: HTML and CSS, Text editor Atto
Labels:
- ci
- release_notes
- triaged

Affected Branches:
MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
Fixed Branches:
MOODLE_28_STABLE, MOODLE_29_STABLE
Pull from Repository:
git://github.com/merrill-oakland/moodle.git
Pull Master Branch:
~~MDL-48467~~-master
Pull Master Diff URL:
https://github.com/merrill-oakland/moodle/compare/20d3883...MDL-48467-master
Testing Instructions:
Hide

Go into a course and edit a course section heading

Go into HTML mode

Enter:

<!--

This is a unclosed comment

Save

Confirm on the next page you see the text, and that the whole page is visible

Note that you will probably be able to see the content "change", stripping the open comment tag when you hit submit before it is actually submitted.
Show
Go into a course and edit a course section heading Go into HTML mode Enter: <!-- This is a unclosed comment Save Confirm on the next page you see the text, and that the whole page is visible Note that you will probably be able to see the content "change", stripping the open comment tag when you hit submit before it is actually submitted.

Description

I'll set the scene, on my course page, i'm editing a section description.

I've noticed that when i switch to the HTML code mode in the Atto HTML editor moodle is allowing me to save the following code

<body style="background-color: #336699"></body>

Furthermore moodle is then saving this inline style and putting it on the body tag of the page which results in the whole page turning the above color.

Then when i go to edit the same section description again the above code is removed by the Atto HTML editor and in order for me to remove the colour i need to add the following code

<body style=""></body>

Perhaps Moodle needs to sanitise what is getting pushed back from the text editors or the Atto HTML editor needs to be changed so it doesn't allow certain tags.

Attachments

Issue Links

has been marked as being related by

MDL-48225 Topic becomes un-editable when incomplete style attribute used in html on topic description

Closed

Activity

People

Assignee:: Eric Merrill

Reporter:: Michael Barber

Peer reviewer:: Adrian Greeve

Integrator:: Eloy Lafuente (stronk7)

Tester:: Mark Nelson

Participants:: Adrian Greeve, Andrew Lyons, CiBoT, Damyon Wiese, Eloy Lafuente (stronk7), Eric Merrill, Marina Glancy, Mark Nelson, Michael Barber

Component watchers:: Amy Groshek, David Scotson, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 03/Dec/14 3:38 PM

Updated:: 22/May/15 6:41 AM

Resolved:: 22/May/15 6:41 AM

Fix Release Date:: 6/Jul/15