Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52263

No way to add options to external_format_text ('trusted', 'noclean', etc.)

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Create a course with a student and a teacher. The course must have at least one section.
      2. Create a wiki and add at least one page to that wiki with more than 3 headings.
      3. As admin, enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Create a Token for the student user.
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      5. Next, you can do a CURL REST call simulating a WS client with the student user.
        • You need to replace the wstoken, wikiid (the wiki instance value) and the URL of your moodle instance.

          curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_wiki_get_subwiki_pages&wikiid=1&wstoken=5b6154a56566a194f60f7f395f235179' --compressed

      6. Confirm that you receive a list with the pages of that wiki.
      7. Confirm that in the page contents contains the Table of contents and that the headings include <a name="toc-X" ...> where X can be variable.

      Test case for 2.9 and 3.0 (Wiki ws not available)

      1. Create a course with a student. The course must have at least one section.
      2. Create an assignment and add the following HTML to the description:

        <p><a href="#test">Try this link</a></p><p><a name="test"></a>to here</p>

      3. As admin, enable "Mobile services": Plugins ► Web Services ► Mobile
      4. Create a Token for the student user.
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      5. Next, you can do a CURL REST call simulating a WS client with the student user.
        • You need to replace the wstoken, courseids (the course id value) and the URL of your moodle instance.

          curl 'http://localhost/m/stable_29/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=3&moodlewssettingfilter=true&wsfunction=mod_assign_get_assignments&wstoken=20fb541864b82c30be2f15b6613f84d4' --compressed

      6. Confirm that the intro parameter of the assignment has <a name="test"></a> on it.
      Show
      Create a course with a student and a teacher. The course must have at least one section. Create a wiki and add at least one page to that wiki with more than 3 headings. As admin, enable "Mobile services": Plugins ► Web Services ► Mobile Create a Token for the student user. Click on Site administration ► Plugins ► Web services ► Manage tokens Next, you can do a CURL REST call simulating a WS client with the student user. You need to replace the wstoken, wikiid (the wiki instance value) and the URL of your moodle instance. curl 'http://localhost/m/stable_master/webservice/rest/server.php?moodlewsrestformat=json' --data 'wsfunction=mod_wiki_get_subwiki_pages&wikiid=1&wstoken=5b6154a56566a194f60f7f395f235179' --compressed Confirm that you receive a list with the pages of that wiki. Confirm that in the page contents contains the Table of contents and that the headings include <a name="toc-X" ...> where X can be variable. Test case for 2.9 and 3.0 (Wiki ws not available) Create a course with a student. The course must have at least one section. Create an assignment and add the following HTML to the description: <p><a href="#test">Try this link</a></p><p><a name="test"></a>to here</p> As admin, enable "Mobile services": Plugins ► Web Services ► Mobile Create a Token for the student user. Click on Site administration ► Plugins ► Web services ► Manage tokens Next, you can do a CURL REST call simulating a WS client with the student user. You need to replace the wstoken, courseids (the course id value) and the URL of your moodle instance. curl 'http://localhost/m/stable_29/webservice/rest/server.php?moodlewsrestformat=json' --data 'courseids%5B0%5D=3&moodlewssettingfilter=true&wsfunction=mod_assign_get_assignments&wstoken=20fb541864b82c30be2f15b6613f84d4' --compressed Confirm that the intro parameter of the assignment has <a name="test"></a> on it.
    • Affected Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull Master Branch:
      MDL-52263-master

      Description

      Since MDL-51213 we decided to use external_format_text instead of format_text in the templatable classes.
      However there is no way to pass 'trusttext' (and/or 'noclean') option that format_text() uses to skip cleaning for trusted users.

      'trusttext' is currently used in feedback, forum, glossary, wiki and workshop. I personally would like it to be used more and more often so we can remove RISK_XSS from a bunch of capabilities and encourage safe collaboration

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pferre22 Pau Ferrer
              Reporter:
              marina Marina Glancy
              Peer reviewer:
              Marina Glancy
              Integrator:
              Dan Poltawski
              Tester:
              Frédéric Massart
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Juan Leyva, Jake Dallimore, Jun Pataleta
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/May/16