Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-55888

Non-trusted text can be saved in category description but disappears when edited

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.0.4, 3.1.1
    • Fix Version/s: None
    • Component/s: Course
    • Labels:
    • Testing Instructions:
      Hide
      1. Create a new category
      2. As a trusted user input <script type="text/javascript">alert('test');</script> into the description
      3. Ensure the code was saved - visit category page and you should see the alert
      4. Edit the description and check if the script is displayed still
      Show
      Create a new category As a trusted user input <script type="text/javascript">alert('test');</script> into the description Ensure the code was saved - visit category page and you should see the alert Edit the description and check if the script is displayed still
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE

      Description

      The category description allows non-save text to be input like javascript but it disappears when trying to edit it.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            jkb Jakub Kania
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: