Details
-
Type:
Improvement
-
Status: Reopened
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 2.7.7, 2.8.5, 3.8.2
-
Fix Version/s: None
-
Component/s: General, HTML Editor (Atto)
-
Story Points:2
-
Sprint:International 4.0 - Sprint 2, International 4.0 - Sprint 3, International 4.0 - Sprint 4, International 4.0 - Sprint 5, International 4.0 - Sprint 6, International 4.0 - Sprint 7, Internationals - 3.11 Sprint 4, Internationals - 3.11 Sprint 5
Description
If you enter code in an editor (or textarea) with unbalanced div tags, script tags, or html comments, it can completely break page rendering.
At some point, it was decided that teachers are inherently trusted because there are some things they have to be able to do that would give them XSS capability. Because of that, we do absolutely no sanitization of teacher content in places like course sections, and we very frequently run into problems where they paste content from somewhere and it has unbalanced tags that then makes it impossible to fix via the UI.
Attachments
Issue Links
- has been marked as being related by
-
MDL-52724 Atto does not generate UL tags when pasting LI tags
-
- Development in progress
-
-
MDL-47002 Atto cleaning sometimes leaves un-closed html comments
-
- Closed
-
- is duplicated by
-
MDL-70636 Grid Course Layout: Incorrect list elements in text field mess up entire course structure
-
- Closed
-