Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-55888

Non-trusted text can be saved in category description but disappears when edited

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.0.4, 3.1.1
    • None
    • Course
    • MOODLE_30_STABLE, MOODLE_31_STABLE
    • Easy
    • Hide
      1. Create a new category
      2. As a trusted user input <script type="text/javascript">alert('test');</script> into the description
      3. Ensure the code was saved - visit category page and you should see the alert
      4. Edit the description and check if the script is displayed still
      Show
      Create a new category As a trusted user input <script type="text/javascript">alert('test');</script> into the description Ensure the code was saved - visit category page and you should see the alert Edit the description and check if the script is displayed still

    Description

      The category description allows non-save text to be input like javascript but it disappears when trying to edit it.

      Attachments

        Activity

          People

            Unassigned Unassigned
            jkb Jakub Kania
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: